1 files changed, 6 insertions, 27 deletions
diff --git a/index.php b/index.php
index 9546ee15..ac4a680d 100644
--- a/index.php
+++ b/index.php
@@ -106,7 +106,8 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) {
 }
 $conf = ConfigManager::getInstance();
+$conf->setEmpty('general.timezone', date_default_timezone_get());
+$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER)));
 RainTPL::$tpl_dir = $conf->get('path.raintpl_tpl'); // template directory
 RainTPL::$cache_dir = $conf->get('path.raintpl_tmp'); // cache directory
@@ -132,23 +133,6 @@ header("Cache-Control: no-store, no-cache, must-revalidate");
 header("Cache-Control: post-check=0, pre-check=0", false);
 header("Pragma: no-cache");
-// Handling of old config file which do not have the new parameters.
-if (! $conf->exists('general.title')) {
-    $conf->set('general.title', 'Shared links on '. escape(index_url($_SERVER)));
-}
-if (! $conf->exists('general.timezone')) {
-    $conf->set('general.timezone', date_default_timezone_get());
-}
-if (! $conf->exists('security.session_protection_disabled')) {
-    $conf->set('security.session_protection_disabled', false);
-}
-if (! $conf->exists('general.default_private_links')) {
-    $conf->set('general.default_private_links', false);
-}
-if (! $conf->exists('general.header_link')) {
-    $conf->set('general.header_link', '?');
-}
 if (! is_file($conf->getConfigFile())) {
    // Ensure Shaarli has proper access to its resources
    $errors = ApplicationUtils::checkResourcePermissions();
@@ -170,11 +154,6 @@ if (! is_file($conf->getConfigFile())) {
    install();
 }
-// FIXME! Update these value with Updater and escpae it during the install/config save.
-$conf->set('general.title', escape($conf->get('general.title')));
-$conf->set('general.header_link', escape($conf->get('general.header_link')));
-$conf->set('extras.redirector', escape($conf->get('extras.redirector')));
 // a token depending of deployment salt, user password, and the current ip
 define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
@@ -1101,9 +1080,9 @@ function renderPage()
                $tz = $_POST['continent'] . '/' . $_POST['city'];
            }
            $conf->set('general.timezone', $tz);
-            $conf->set('general.title', $_POST['title']);
+            $conf->set('general.title', escape($_POST['title']));
-            $conf->set('general.header_link', $_POST['titleLink']);
+            $conf->set('general.header_link', escape($_POST['titleLink']));
-            $conf->set('extras.redirector', $_POST['redirector']);
+            $conf->set('extras.redirector', escape($_POST['redirector']));
            $conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection']));
            $conf->set('general.default_private_links', !empty($_POST['privateLinkByDefault']));
            $conf->set('general.rss_permalinks', !empty($_POST['enableRssPermalinks']));
@@ -1951,7 +1930,7 @@ function install()
        $conf->set('credentials.salt', $salt);
        $conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt));
        if (!empty($_POST['title'])) {
-            $conf->set('general.title', $_POST['title']);
+            $conf->set('general.title', escape($_POST['title']));
        } else {
            $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
        }

diff --git a/index.php b/index.php index 9546ee15..ac4a680d 100644 --- a/index.php +++ b/index.php
@@ -106,7 +106,8 @@ if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) {
106	}	106	}
107		107
108	$conf = ConfigManager::getInstance();	108	$conf = ConfigManager::getInstance();
109		109	$conf->setEmpty('general.timezone', date_default_timezone_get());
		110	$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER)));
110	RainTPL::$tpl_dir = $conf->get('path.raintpl_tpl'); // template directory	111	RainTPL::$tpl_dir = $conf->get('path.raintpl_tpl'); // template directory
111	RainTPL::$cache_dir = $conf->get('path.raintpl_tmp'); // cache directory	112	RainTPL::$cache_dir = $conf->get('path.raintpl_tmp'); // cache directory
112		113
@@ -132,23 +133,6 @@ header("Cache-Control: no-store, no-cache, must-revalidate");
132	header("Cache-Control: post-check=0, pre-check=0", false);	133	header("Cache-Control: post-check=0, pre-check=0", false);
133	header("Pragma: no-cache");	134	header("Pragma: no-cache");
134		135
135	// Handling of old config file which do not have the new parameters.
136	if (! $conf->exists('general.title')) {
137	$conf->set('general.title', 'Shared links on '. escape(index_url($_SERVER)));
138	}
139	if (! $conf->exists('general.timezone')) {
140	$conf->set('general.timezone', date_default_timezone_get());
141	}
142	if (! $conf->exists('security.session_protection_disabled')) {
143	$conf->set('security.session_protection_disabled', false);
144	}
145	if (! $conf->exists('general.default_private_links')) {
146	$conf->set('general.default_private_links', false);
147	}
148	if (! $conf->exists('general.header_link')) {
149	$conf->set('general.header_link', '?');
150	}
151
152	if (! is_file($conf->getConfigFile())) {	136	if (! is_file($conf->getConfigFile())) {
153	// Ensure Shaarli has proper access to its resources	137	// Ensure Shaarli has proper access to its resources
154	$errors = ApplicationUtils::checkResourcePermissions();	138	$errors = ApplicationUtils::checkResourcePermissions();
@@ -170,11 +154,6 @@ if (! is_file($conf->getConfigFile())) {
170	install();	154	install();
171	}	155	}
172		156
173	// FIXME! Update these value with Updater and escpae it during the install/config save.
174	$conf->set('general.title', escape($conf->get('general.title')));
175	$conf->set('general.header_link', escape($conf->get('general.header_link')));
176	$conf->set('extras.redirector', escape($conf->get('extras.redirector')));
177
178	// a token depending of deployment salt, user password, and the current ip	157	// a token depending of deployment salt, user password, and the current ip
179	define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));	158	define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
180		159
@@ -1101,9 +1080,9 @@ function renderPage()
1101	$tz = $_POST['continent'] . '/' . $_POST['city'];	1080	$tz = $_POST['continent'] . '/' . $_POST['city'];
1102	}	1081	}
1103	$conf->set('general.timezone', $tz);	1082	$conf->set('general.timezone', $tz);
1104	$conf->set('general.title', $_POST['title']);	1083	$conf->set('general.title', escape($_POST['title']));
1105	$conf->set('general.header_link', $_POST['titleLink']);	1084	$conf->set('general.header_link', escape($_POST['titleLink']));
1106	$conf->set('extras.redirector', $_POST['redirector']);	1085	$conf->set('extras.redirector', escape($_POST['redirector']));
1107	$conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection']));	1086	$conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection']));
1108	$conf->set('general.default_private_links', !empty($_POST['privateLinkByDefault']));	1087	$conf->set('general.default_private_links', !empty($_POST['privateLinkByDefault']));
1109	$conf->set('general.rss_permalinks', !empty($_POST['enableRssPermalinks']));	1088	$conf->set('general.rss_permalinks', !empty($_POST['enableRssPermalinks']));
@@ -1951,7 +1930,7 @@ function install()
1951	$conf->set('credentials.salt', $salt);	1930	$conf->set('credentials.salt', $salt);
1952	$conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt));	1931	$conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt));
1953	if (!empty($_POST['title'])) {	1932	if (!empty($_POST['title'])) {
1954	$conf->set('general.title', $_POST['title']);	1933	$conf->set('general.title', escape($_POST['title']));
1955	} else {	1934	} else {
1956	$conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));	1935	$conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
1957	}	1936	}