Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 52 |
1 files changed, 39 insertions, 13 deletions
@@ -41,7 +41,7 @@ define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in php code. | |||
41 | // Force cookie path (but do not change lifetime) | 41 | // Force cookie path (but do not change lifetime) |
42 | $cookie=session_get_cookie_params(); | 42 | $cookie=session_get_cookie_params(); |
43 | $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; | 43 | $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; |
44 | session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path. | 44 | session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path. |
45 | 45 | ||
46 | // Set session parameters on server side. | 46 | // Set session parameters on server side. |
47 | define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. | 47 | define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. |
@@ -89,7 +89,7 @@ if (!is_dir($GLOBALS['config']['DATADIR'])) { mkdir($GLOBALS['config']['DATADIR' | |||
89 | if (!is_dir('tmp')) { mkdir('tmp',0705); chmod('tmp',0705); } // For RainTPL temporary files. | 89 | if (!is_dir('tmp')) { mkdir('tmp',0705); chmod('tmp',0705); } // For RainTPL temporary files. |
90 | if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['DATADIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files. | 90 | if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['DATADIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files. |
91 | // Second check to see if Shaarli can write in its directory, because on some hosts is_writable() is not reliable. | 91 | // Second check to see if Shaarli can write in its directory, because on some hosts is_writable() is not reliable. |
92 | if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) die('<pre>ERROR: Shaarli does not have the right to write in its own directory ('.realpath(dirname(__FILE__)).').</pre>'); | 92 | if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) die('<pre>ERROR: Shaarli does not have the right to write in its data directory ('.realpath($GLOBALS['config']['DATADIR']).').</pre>'); |
93 | if ($GLOBALS['config']['ENABLE_LOCALCACHE']) | 93 | if ($GLOBALS['config']['ENABLE_LOCALCACHE']) |
94 | { | 94 | { |
95 | if (!is_dir($GLOBALS['config']['CACHEDIR'])) { mkdir($GLOBALS['config']['CACHEDIR'],0705); chmod($GLOBALS['config']['CACHEDIR'],0705); } | 95 | if (!is_dir($GLOBALS['config']['CACHEDIR'])) { mkdir($GLOBALS['config']['CACHEDIR'],0705); chmod($GLOBALS['config']['CACHEDIR'],0705); } |
@@ -400,14 +400,14 @@ if (isset($_POST['login'])) | |||
400 | $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side. | 400 | $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side. |
401 | 401 | ||
402 | $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; | 402 | $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; |
403 | session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side | 403 | session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side |
404 | // Note: Never forget the trailing slash on the cookie path ! | 404 | // Note: Never forget the trailing slash on the cookie path ! |
405 | session_regenerate_id(true); // Send cookie with new expiration date to browser. | 405 | session_regenerate_id(true); // Send cookie with new expiration date to browser. |
406 | } | 406 | } |
407 | else // Standard session expiration (=when browser closes) | 407 | else // Standard session expiration (=when browser closes) |
408 | { | 408 | { |
409 | $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; | 409 | $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; |
410 | session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes" | 410 | session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes" |
411 | session_regenerate_id(true); | 411 | session_regenerate_id(true); |
412 | } | 412 | } |
413 | // Optional redirect after login: | 413 | // Optional redirect after login: |
@@ -439,7 +439,7 @@ function serverUrl() | |||
439 | { | 439 | { |
440 | $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection. | 440 | $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection. |
441 | $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]); | 441 | $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]); |
442 | return 'http'.($https?'s':'').'://'.$_SERVER["SERVER_NAME"].$serverport; | 442 | return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport; |
443 | } | 443 | } |
444 | 444 | ||
445 | // Returns the absolute URL of current script, without the query. | 445 | // Returns the absolute URL of current script, without the query. |
@@ -566,7 +566,7 @@ function getHTTP($url,$timeout=30) | |||
566 | { | 566 | { |
567 | try | 567 | try |
568 | { | 568 | { |
569 | $options = array('http'=>array('method'=>'GET','timeout' => $timeout)); // Force network timeout | 569 | $options = array('http'=>array('method'=>'GET','timeout' => $timeout, 'user_agent' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0')); // Force network timeout |
570 | $context = stream_context_create($options); | 570 | $context = stream_context_create($options); |
571 | $data=file_get_contents($url,false,$context,-1, 4000000); // We download at most 4 Mb from source. | 571 | $data=file_get_contents($url,false,$context,-1, 4000000); // We download at most 4 Mb from source. |
572 | if (!$data) { return array('HTTP Error',array(),''); } | 572 | if (!$data) { return array('HTTP Error',array(),''); } |
@@ -1281,7 +1281,7 @@ function renderPage() | |||
1281 | if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); } | 1281 | if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); } |
1282 | // Make sure the referer is from Shaarli itself. | 1282 | // Make sure the referer is from Shaarli itself. |
1283 | $referer = '?'; | 1283 | $referer = '?'; |
1284 | if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0) | 1284 | if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0) |
1285 | $referer = $_SERVER['HTTP_REFERER']; | 1285 | $referer = $_SERVER['HTTP_REFERER']; |
1286 | header('Location: '.$referer); | 1286 | header('Location: '.$referer); |
1287 | exit; | 1287 | exit; |
@@ -1300,7 +1300,7 @@ function renderPage() | |||
1300 | } | 1300 | } |
1301 | // Make sure the referer is from Shaarli itself. | 1301 | // Make sure the referer is from Shaarli itself. |
1302 | $referer = '?'; | 1302 | $referer = '?'; |
1303 | if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0) | 1303 | if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0) |
1304 | $referer = $_SERVER['HTTP_REFERER']; | 1304 | $referer = $_SERVER['HTTP_REFERER']; |
1305 | header('Location: '.$referer); | 1305 | header('Location: '.$referer); |
1306 | exit; | 1306 | exit; |
@@ -1540,15 +1540,37 @@ function renderPage() | |||
1540 | $link_is_new = true; // This is a new link | 1540 | $link_is_new = true; // This is a new link |
1541 | $linkdate = strval(date('Ymd_His')); | 1541 | $linkdate = strval(date('Ymd_His')); |
1542 | $title = (empty($_GET['title']) ? '' : $_GET['title'] ); // Get title if it was provided in URL (by the bookmarklet). | 1542 | $title = (empty($_GET['title']) ? '' : $_GET['title'] ); // Get title if it was provided in URL (by the bookmarklet). |
1543 | $description=''; $tags=''; $private=0; | 1543 | $description = (empty($_GET['description']) ? '' : $_GET['description'] )."\n"; // Get description if it was provided in URL (by the bookmarklet). [Bronco added that] |
1544 | $tags=''; $private=0; | ||
1544 | if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url; | 1545 | if (($url!='') && parse_url($url,PHP_URL_SCHEME)=='') $url = 'http://'.$url; |
1545 | // If this is an HTTP link, we try go get the page to extact the title (otherwise we will to straight to the edit form.) | 1546 | // If this is an HTTP link, we try go get the page to extact the title (otherwise we will to straight to the edit form.) |
1546 | if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http') | 1547 | if (empty($title) && parse_url($url,PHP_URL_SCHEME)=='http') |
1547 | { | 1548 | { |
1548 | list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive. | 1549 | list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive. |
1549 | // FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) <head> in html | 1550 | // FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) <head> in html |
1550 | if (strpos($status,'200 OK')!==false) $title=html_entity_decode(html_extract_title($data),ENT_QUOTES,'UTF-8'); | 1551 | if (strpos($status,'200 OK')!==false) |
1551 | 1552 | { | |
1553 | // Look for charset in html header. | ||
1554 | preg_match('#<meta .*charset=.*>#Usi', $data, $meta); | ||
1555 | |||
1556 | // If found, extract encoding. | ||
1557 | if (!empty($meta[0])) | ||
1558 | { | ||
1559 | // Get encoding specified in header. | ||
1560 | preg_match('#charset="?(.*)"#si', $meta[0], $enc); | ||
1561 | // If charset not found, use utf-8. | ||
1562 | $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8'; | ||
1563 | } | ||
1564 | else { $html_charset = 'utf-8'; } | ||
1565 | |||
1566 | // Extract title | ||
1567 | $title = html_extract_title($data); | ||
1568 | if (!empty($title)) | ||
1569 | { | ||
1570 | // Re-encode title in utf-8 if necessary. | ||
1571 | $title = ($html_charset == 'iso-8859-1') ? utf8_encode($title) : $title; | ||
1572 | } | ||
1573 | } | ||
1552 | } | 1574 | } |
1553 | if ($url=='') $url='?'.smallHash($linkdate); // In case of empty URL, this is just a text (with a link that point to itself) | 1575 | if ($url=='') $url='?'.smallHash($linkdate); // In case of empty URL, this is just a text (with a link that point to itself) |
1554 | $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>0); | 1576 | $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>0); |
@@ -1676,7 +1698,11 @@ function importFile() | |||
1676 | { | 1698 | { |
1677 | $attr=$m[1]; $value=$m[2]; | 1699 | $attr=$m[1]; $value=$m[2]; |
1678 | if ($attr=='HREF') $link['url']=html_entity_decode($value,ENT_QUOTES,'UTF-8'); | 1700 | if ($attr=='HREF') $link['url']=html_entity_decode($value,ENT_QUOTES,'UTF-8'); |
1679 | elseif ($attr=='ADD_DATE') $raw_add_date=intval($value); | 1701 | elseif ($attr=='ADD_DATE') |
1702 | { | ||
1703 | $raw_add_date=intval($value); | ||
1704 | if ($raw_add_date>30000000000) $raw_add_date/=1000; //If larger than year 2920, then was likely stored in milliseconds instead of seconds | ||
1705 | } | ||
1680 | elseif ($attr=='PRIVATE') $link['private']=($value=='0'?0:1); | 1706 | elseif ($attr=='PRIVATE') $link['private']=($value=='0'?0:1); |
1681 | elseif ($attr=='TAGS') $link['tags']=html_entity_decode(str_replace(',',' ',$value),ENT_QUOTES,'UTF-8'); | 1707 | elseif ($attr=='TAGS') $link['tags']=html_entity_decode(str_replace(',',' ',$value),ENT_QUOTES,'UTF-8'); |
1682 | } | 1708 | } |
@@ -2011,7 +2037,7 @@ function lazyThumbnail($url,$href=false) | |||
2011 | function install() | 2037 | function install() |
2012 | { | 2038 | { |
2013 | // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. | 2039 | // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. |
2014 | if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); | 2040 | if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); |
2015 | 2041 | ||
2016 | 2042 | ||
2017 | // This part makes sure sessions works correctly. | 2043 | // This part makes sure sessions works correctly. |
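Review bot: In `serverUrl()` (new line 442) `$_SERVER['HTTP_HOST']` already carries the port whenever the client sent one, so appending `$serverport` produces a doubled port such as `host:8080:8080` on non-default ports. The value is also taken verbatim from the request's Host header, and the calls at new lines 44, 403 and 410 now pass it as the session cookie domain, where a `host:port` string is not a valid Domain attribute and the browser may drop the session cookie. The referer checks at new lines 1284 and 1303 compare it with `parse_url(...,PHP_URL_HOST)`, which never contains a port, so off the default ports they would always fall back to `'?'`. I would normalise once with `$host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);` and use `$host` at each of these sites. Next to it I would add the comment `// HTTP_HOST is client-supplied: validate against the configured hostname before using it in absolute URLs or cookie parameters`.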