aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php186
1 files changed, 100 insertions, 86 deletions
diff --git a/index.php b/index.php
index ac51038d..d57789e6 100644
--- a/index.php
+++ b/index.php
@@ -64,7 +64,6 @@ require_once 'application/FeedBuilder.php';
64require_once 'application/FileUtils.php'; 64require_once 'application/FileUtils.php';
65require_once 'application/History.php'; 65require_once 'application/History.php';
66require_once 'application/HttpUtils.php'; 66require_once 'application/HttpUtils.php';
67require_once 'application/Languages.php';
68require_once 'application/LinkDB.php'; 67require_once 'application/LinkDB.php';
69require_once 'application/LinkFilter.php'; 68require_once 'application/LinkFilter.php';
70require_once 'application/LinkUtils.php'; 69require_once 'application/LinkUtils.php';
@@ -76,8 +75,10 @@ require_once 'application/Utils.php';
76require_once 'application/PluginManager.php'; 75require_once 'application/PluginManager.php';
77require_once 'application/Router.php'; 76require_once 'application/Router.php';
78require_once 'application/Updater.php'; 77require_once 'application/Updater.php';
78use \Shaarli\Languages;
79use \Shaarli\ThemeUtils; 79use \Shaarli\ThemeUtils;
80use \Shaarli\Config\ConfigManager; 80use \Shaarli\Config\ConfigManager;
81use \Shaarli\SessionManager;
81 82
82// Ensure the PHP version is supported 83// Ensure the PHP version is supported
83try { 84try {
@@ -88,7 +89,7 @@ try {
88 exit; 89 exit;
89} 90}
90 91
91define('shaarli_version', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); 92define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
92 93
93// Force cookie path (but do not change lifetime) 94// Force cookie path (but do not change lifetime)
94$cookie = session_get_cookie_params(); 95$cookie = session_get_cookie_params();
@@ -115,14 +116,23 @@ if (session_id() == '') {
115} 116}
116 117
117// Regenerate session ID if invalid or not defined in cookie. 118// Regenerate session ID if invalid or not defined in cookie.
118if (isset($_COOKIE['shaarli']) && !is_session_id_valid($_COOKIE['shaarli'])) { 119if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
119 session_regenerate_id(true); 120 session_regenerate_id(true);
120 $_COOKIE['shaarli'] = session_id(); 121 $_COOKIE['shaarli'] = session_id();
121} 122}
122 123
123$conf = new ConfigManager(); 124$conf = new ConfigManager();
125$sessionManager = new SessionManager($_SESSION, $conf);
126
127// Sniff browser language and set date format accordingly.
128if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
129 autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
130}
131
132new Languages(setlocale(LC_MESSAGES, 0), $conf);
133
124$conf->setEmpty('general.timezone', date_default_timezone_get()); 134$conf->setEmpty('general.timezone', date_default_timezone_get());
125$conf->setEmpty('general.title', 'Shared links on '. escape(index_url($_SERVER))); 135$conf->setEmpty('general.title', t('Shared links on '). escape(index_url($_SERVER)));
126RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory 136RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
127RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory 137RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
128 138
@@ -144,7 +154,7 @@ if (! is_file($conf->getConfigFileExt())) {
144 $errors = ApplicationUtils::checkResourcePermissions($conf); 154 $errors = ApplicationUtils::checkResourcePermissions($conf);
145 155
146 if ($errors != array()) { 156 if ($errors != array()) {
147 $message = '<p>Insufficient permissions:</p><ul>'; 157 $message = '<p>'. t('Insufficient permissions:') .'</p><ul>';
148 158
149 foreach ($errors as $error) { 159 foreach ($errors as $error) {
150 $message .= '<li>'.$error.'</li>'; 160 $message .= '<li>'.$error.'</li>';
@@ -157,17 +167,12 @@ if (! is_file($conf->getConfigFileExt())) {
157 } 167 }
158 168
159 // Display the installation form if no existing config is found 169 // Display the installation form if no existing config is found
160 install($conf); 170 install($conf, $sessionManager);
161} 171}
162 172
163// a token depending of deployment salt, user password, and the current ip 173// a token depending of deployment salt, user password, and the current ip
164define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); 174define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
165 175
166// Sniff browser language and set date format accordingly.
167if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
168 autoLocale($_SERVER['HTTP_ACCEPT_LANGUAGE']);
169}
170
171/** 176/**
172 * Checking session state (i.e. is the user still logged in) 177 * Checking session state (i.e. is the user still logged in)
173 * 178 *
@@ -376,9 +381,9 @@ function ban_canLogin($conf)
376// Process login form: Check if login/password is correct. 381// Process login form: Check if login/password is correct.
377if (isset($_POST['login'])) 382if (isset($_POST['login']))
378{ 383{
379 if (!ban_canLogin($conf)) die('I said: NO. You are banned for the moment. Go away.'); 384 if (!ban_canLogin($conf)) die(t('I said: NO. You are banned for the moment. Go away.'));
380 if (isset($_POST['password']) 385 if (isset($_POST['password'])
381 && tokenOk($_POST['token']) 386 && $sessionManager->checkToken($_POST['token'])
382 && (check_auth($_POST['login'], $_POST['password'], $conf)) 387 && (check_auth($_POST['login'], $_POST['password'], $conf))
383 ) { // Login/password is OK. 388 ) { // Login/password is OK.
384 ban_loginOk($conf); 389 ban_loginOk($conf);
@@ -431,7 +436,7 @@ if (isset($_POST['login']))
431 else 436 else
432 { 437 {
433 ban_loginFailed($conf); 438 ban_loginFailed($conf);
434 $redir = '&username='. $_POST['login']; 439 $redir = '&username='. urlencode($_POST['login']);
435 if (isset($_GET['post'])) { 440 if (isset($_GET['post'])) {
436 $redir .= '&post=' . urlencode($_GET['post']); 441 $redir .= '&post=' . urlencode($_GET['post']);
437 foreach (array('description', 'source', 'title', 'tags') as $param) { 442 foreach (array('description', 'source', 'title', 'tags') as $param) {
@@ -440,7 +445,8 @@ if (isset($_POST['login']))
440 } 445 }
441 } 446 }
442 } 447 }
443 echo '<script>alert("Wrong login/password.");document.location=\'?do=login'.$redir.'\';</script>'; // Redirect to login screen. 448 // Redirect to login screen.
449 echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'?do=login'.$redir.'\';</script>';
444 exit; 450 exit;
445 } 451 }
446} 452}
@@ -451,32 +457,6 @@ if (isset($_POST['login']))
451if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session. 457if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session.
452 458
453/** 459/**
454 * Returns a token.
455 *
456 * @param ConfigManager $conf Configuration Manager instance.
457 *
458 * @return string token.
459 */
460function getToken($conf)
461{
462 $rnd = sha1(uniqid('', true) .'_'. mt_rand() . $conf->get('credentials.salt')); // We generate a random string.
463 $_SESSION['tokens'][$rnd]=1; // Store it on the server side.
464 return $rnd;
465}
466
467// Tells if a token is OK. Using this function will destroy the token.
468// true=token is OK.
469function tokenOk($token)
470{
471 if (isset($_SESSION['tokens'][$token]))
472 {
473 unset($_SESSION['tokens'][$token]); // Token is used: destroy it.
474 return true; // Token is OK.
475 }
476 return false; // Wrong token, or already used.
477}
478
479/**
480 * Daily RSS feed: 1 RSS entry per day giving all the links on that day. 460 * Daily RSS feed: 1 RSS entry per day giving all the links on that day.
481 * Gives the last 7 days (which have links). 461 * Gives the last 7 days (which have links).
482 * This RSS feed cannot be filtered. 462 * This RSS feed cannot be filtered.
@@ -546,7 +526,11 @@ function showDailyRSS($conf) {
546 526
547 // We pre-format some fields for proper output. 527 // We pre-format some fields for proper output.
548 foreach ($links as &$link) { 528 foreach ($links as &$link) {
549 $link['formatedDescription'] = format_description($link['description'], $conf->get('redirector.url')); 529 $link['formatedDescription'] = format_description(
530 $link['description'],
531 $conf->get('redirector.url'),
532 $conf->get('redirector.encode_url')
533 );
550 $link['thumbnail'] = thumbnail($conf, $link['url']); 534 $link['thumbnail'] = thumbnail($conf, $link['url']);
551 $link['timestamp'] = $link['created']->getTimestamp(); 535 $link['timestamp'] = $link['created']->getTimestamp();
552 if (startsWith($link['url'], '?')) { 536 if (startsWith($link['url'], '?')) {
@@ -618,7 +602,11 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
618 $taglist = explode(' ',$link['tags']); 602 $taglist = explode(' ',$link['tags']);
619 uasort($taglist, 'strcasecmp'); 603 uasort($taglist, 'strcasecmp');
620 $linksToDisplay[$key]['taglist']=$taglist; 604 $linksToDisplay[$key]['taglist']=$taglist;
621 $linksToDisplay[$key]['formatedDescription'] = format_description($link['description'], $conf->get('redirector.url')); 605 $linksToDisplay[$key]['formatedDescription'] = format_description(
606 $link['description'],
607 $conf->get('redirector.url'),
608 $conf->get('redirector.encode_url')
609 );
622 $linksToDisplay[$key]['thumbnail'] = thumbnail($conf, $link['url']); 610 $linksToDisplay[$key]['thumbnail'] = thumbnail($conf, $link['url']);
623 $linksToDisplay[$key]['timestamp'] = $link['created']->getTimestamp(); 611 $linksToDisplay[$key]['timestamp'] = $link['created']->getTimestamp();
624 } 612 }
@@ -683,12 +671,13 @@ function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) {
683/** 671/**
684 * Render HTML page (according to URL parameters and user rights) 672 * Render HTML page (according to URL parameters and user rights)
685 * 673 *
686 * @param ConfigManager $conf Configuration Manager instance. 674 * @param ConfigManager $conf Configuration Manager instance.
687 * @param PluginManager $pluginManager Plugin Manager instance, 675 * @param PluginManager $pluginManager Plugin Manager instance,
688 * @param LinkDB $LINKSDB 676 * @param LinkDB $LINKSDB
689 * @param History $history instance 677 * @param History $history instance
678 * @param SessionManager $sessionManager SessionManager instance
690 */ 679 */
691function renderPage($conf, $pluginManager, $LINKSDB, $history) 680function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager)
692{ 681{
693 $updater = new Updater( 682 $updater = new Updater(
694 read_updates_file($conf->get('resource.updates')), 683 read_updates_file($conf->get('resource.updates')),
@@ -709,7 +698,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
709 die($e->getMessage()); 698 die($e->getMessage());
710 } 699 }
711 700
712 $PAGE = new PageBuilder($conf, $LINKSDB); 701 $PAGE = new PageBuilder($conf, $LINKSDB, $sessionManager->generateToken());
713 $PAGE->assign('linkcount', count($LINKSDB)); 702 $PAGE->assign('linkcount', count($LINKSDB));
714 $PAGE->assign('privateLinkcount', count_private($LINKSDB)); 703 $PAGE->assign('privateLinkcount', count_private($LINKSDB));
715 $PAGE->assign('plugin_errors', $pluginManager->getErrors()); 704 $PAGE->assign('plugin_errors', $pluginManager->getErrors());
@@ -840,7 +829,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
840 } 829 }
841 830
842 $data = array( 831 $data = array(
843 'search_tags' => implode(' ', $filteringTags), 832 'search_tags' => implode(' ', escape($filteringTags)),
844 'tags' => $tagList, 833 'tags' => $tagList,
845 ); 834 );
846 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); 835 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
@@ -870,7 +859,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
870 } 859 }
871 860
872 $data = [ 861 $data = [
873 'search_tags' => implode(' ', $filteringTags), 862 'search_tags' => implode(' ', escape($filteringTags)),
874 'tags' => $tags, 863 'tags' => $tags,
875 ]; 864 ];
876 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); 865 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);
@@ -1100,16 +1089,19 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1100 if ($targetPage == Router::$PAGE_CHANGEPASSWORD) 1089 if ($targetPage == Router::$PAGE_CHANGEPASSWORD)
1101 { 1090 {
1102 if ($conf->get('security.open_shaarli')) { 1091 if ($conf->get('security.open_shaarli')) {
1103 die('You are not supposed to change a password on an Open Shaarli.'); 1092 die(t('You are not supposed to change a password on an Open Shaarli.'));
1104 } 1093 }
1105 1094
1106 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) 1095 if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword']))
1107 { 1096 {
1108 if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away! 1097 if (!$sessionManager->checkToken($_POST['token'])) die(t('Wrong token.')); // Go away!
1109 1098
1110 // Make sure old password is correct. 1099 // Make sure old password is correct.
1111 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); 1100 $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt'));
1112 if ($oldhash!= $conf->get('credentials.hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; } 1101 if ($oldhash!= $conf->get('credentials.hash')) {
1102 echo '<script>alert("'. t('The old password is not correct.') .'");document.location=\'?do=changepasswd\';</script>';
1103 exit;
1104 }
1113 // Save new password 1105 // Save new password
1114 // Salt renders rainbow-tables attacks useless. 1106 // Salt renders rainbow-tables attacks useless.
1115 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); 1107 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
@@ -1127,7 +1119,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1127 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>'; 1119 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=tools\';</script>';
1128 exit; 1120 exit;
1129 } 1121 }
1130 echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>'; 1122 echo '<script>alert("'. t('Your password has been changed') .'");document.location=\'?do=tools\';</script>';
1131 exit; 1123 exit;
1132 } 1124 }
1133 else // show the change password form. 1125 else // show the change password form.
@@ -1142,8 +1134,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1142 { 1134 {
1143 if (!empty($_POST['title']) ) 1135 if (!empty($_POST['title']) )
1144 { 1136 {
1145 if (!tokenOk($_POST['token'])) { 1137 if (!$sessionManager->checkToken($_POST['token'])) {
1146 die('Wrong token.'); // Go away! 1138 die(t('Wrong token.')); // Go away!
1147 } 1139 }
1148 $tz = 'UTC'; 1140 $tz = 'UTC';
1149 if (!empty($_POST['continent']) && !empty($_POST['city']) 1141 if (!empty($_POST['continent']) && !empty($_POST['city'])
@@ -1163,6 +1155,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1163 $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks'])); 1155 $conf->set('privacy.hide_public_links', !empty($_POST['hidePublicLinks']));
1164 $conf->set('api.enabled', !empty($_POST['enableApi'])); 1156 $conf->set('api.enabled', !empty($_POST['enableApi']));
1165 $conf->set('api.secret', escape($_POST['apiSecret'])); 1157 $conf->set('api.secret', escape($_POST['apiSecret']));
1158 $conf->set('translation.language', escape($_POST['language']));
1159
1166 try { 1160 try {
1167 $conf->write(isLoggedIn()); 1161 $conf->write(isLoggedIn());
1168 $history->updateSettings(); 1162 $history->updateSettings();
@@ -1178,7 +1172,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1178 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>'; 1172 echo '<script>alert("'. $e->getMessage() .'");document.location=\'?do=configure\';</script>';
1179 exit; 1173 exit;
1180 } 1174 }
1181 echo '<script>alert("Configuration was saved.");document.location=\'?do=configure\';</script>'; 1175 echo '<script>alert("'. t('Configuration was saved.') .'");document.location=\'?do=configure\';</script>';
1182 exit; 1176 exit;
1183 } 1177 }
1184 else // Show the configuration form. 1178 else // Show the configuration form.
@@ -1200,6 +1194,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1200 $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false)); 1194 $PAGE->assign('hide_public_links', $conf->get('privacy.hide_public_links', false));
1201 $PAGE->assign('api_enabled', $conf->get('api.enabled', true)); 1195 $PAGE->assign('api_enabled', $conf->get('api.enabled', true));
1202 $PAGE->assign('api_secret', $conf->get('api.secret')); 1196 $PAGE->assign('api_secret', $conf->get('api.secret'));
1197 $PAGE->assign('languages', Languages::getAvailableLanguages());
1198 $PAGE->assign('language', $conf->get('translation.language'));
1203 $PAGE->renderPage('configure'); 1199 $PAGE->renderPage('configure');
1204 exit; 1200 exit;
1205 } 1201 }
@@ -1214,8 +1210,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1214 exit; 1210 exit;
1215 } 1211 }
1216 1212
1217 if (!tokenOk($_POST['token'])) { 1213 if (!$sessionManager->checkToken($_POST['token'])) {
1218 die('Wrong token.'); 1214 die(t('Wrong token.'));
1219 } 1215 }
1220 1216
1221 $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag'])); 1217 $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag']));
@@ -1225,9 +1221,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1225 } 1221 }
1226 $delete = empty($_POST['totag']); 1222 $delete = empty($_POST['totag']);
1227 $redirect = $delete ? 'do=changetag' : 'searchtags='. urlencode(escape($_POST['totag'])); 1223 $redirect = $delete ? 'do=changetag' : 'searchtags='. urlencode(escape($_POST['totag']));
1224 $count = count($alteredLinks);
1228 $alert = $delete 1225 $alert = $delete
1229 ? sprintf(t('The tag was removed from %d links.'), count($alteredLinks)) 1226 ? sprintf(t('The tag was removed from %d link.', 'The tag was removed from %d links.', $count), $count)
1230 : sprintf(t('The tag was renamed in %d links.'), count($alteredLinks)); 1227 : sprintf(t('The tag was renamed in %d link.', 'The tag was renamed in %d links.', $count), $count);
1231 echo '<script>alert("'. $alert .'");document.location=\'?'. $redirect .'\';</script>'; 1228 echo '<script>alert("'. $alert .'");document.location=\'?'. $redirect .'\';</script>';
1232 exit; 1229 exit;
1233 } 1230 }
@@ -1243,8 +1240,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1243 if (isset($_POST['save_edit'])) 1240 if (isset($_POST['save_edit']))
1244 { 1241 {
1245 // Go away! 1242 // Go away!
1246 if (! tokenOk($_POST['token'])) { 1243 if (! $sessionManager->checkToken($_POST['token'])) {
1247 die('Wrong token.'); 1244 die(t('Wrong token.'));
1248 } 1245 }
1249 1246
1250 // lf_id should only be present if the link exists. 1247 // lf_id should only be present if the link exists.
@@ -1343,8 +1340,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1343 // -------- User clicked the "Delete" button when editing a link: Delete link from database. 1340 // -------- User clicked the "Delete" button when editing a link: Delete link from database.
1344 if ($targetPage == Router::$PAGE_DELETELINK) 1341 if ($targetPage == Router::$PAGE_DELETELINK)
1345 { 1342 {
1346 if (! tokenOk($_GET['token'])) { 1343 if (! $sessionManager->checkToken($_GET['token'])) {
1347 die('Wrong token.'); 1344 die(t('Wrong token.'));
1348 } 1345 }
1349 1346
1350 $ids = trim($_GET['lf_linkdate']); 1347 $ids = trim($_GET['lf_linkdate']);
@@ -1437,7 +1434,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1437 1434
1438 if ($url == '') { 1435 if ($url == '') {
1439 $url = '?' . smallHash($linkdate . $LINKSDB->getNextId()); 1436 $url = '?' . smallHash($linkdate . $LINKSDB->getNextId());
1440 $title = 'Note: '; 1437 $title = $conf->get('general.default_note_title', t('Note: '));
1441 } 1438 }
1442 $url = escape($url); 1439 $url = escape($url);
1443 $title = escape($title); 1440 $title = escape($title);
@@ -1544,14 +1541,17 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1544 // Import bookmarks from an uploaded file 1541 // Import bookmarks from an uploaded file
1545 if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) { 1542 if (isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
1546 // The file is too big or some form field may be missing. 1543 // The file is too big or some form field may be missing.
1547 echo '<script>alert("The file you are trying to upload is probably' 1544 $msg = sprintf(
1548 .' bigger than what this webserver can accept (' 1545 t(
1549 .get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize')).').' 1546 'The file you are trying to upload is probably bigger than what this webserver can accept'
1550 .' Please upload in smaller chunks.");document.location=\'?do=' 1547 .' (%s). Please upload in smaller chunks.'
1551 .Router::$PAGE_IMPORT .'\';</script>'; 1548 ),
1549 get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize'))
1550 );
1551 echo '<script>alert("'. $msg .'");document.location=\'?do='.Router::$PAGE_IMPORT .'\';</script>';
1552 exit; 1552 exit;
1553 } 1553 }
1554 if (! tokenOk($_POST['token'])) { 1554 if (! $sessionManager->checkToken($_POST['token'])) {
1555 die('Wrong token.'); 1555 die('Wrong token.');
1556 } 1556 }
1557 $status = NetscapeBookmarkUtils::import( 1557 $status = NetscapeBookmarkUtils::import(
@@ -1618,7 +1618,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1618 // Get a fresh token 1618 // Get a fresh token
1619 if ($targetPage == Router::$GET_TOKEN) { 1619 if ($targetPage == Router::$GET_TOKEN) {
1620 header('Content-Type:text/plain'); 1620 header('Content-Type:text/plain');
1621 echo getToken($conf); 1621 echo $sessionManager->generateToken($conf);
1622 exit; 1622 exit;
1623 } 1623 }
1624 1624
@@ -1690,7 +1690,11 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
1690 while ($i<$end && $i<count($keys)) 1690 while ($i<$end && $i<count($keys))
1691 { 1691 {
1692 $link = $linksToDisplay[$keys[$i]]; 1692 $link = $linksToDisplay[$keys[$i]];
1693 $link['description'] = format_description($link['description'], $conf->get('redirector.url')); 1693 $link['description'] = format_description(
1694 $link['description'],
1695 $conf->get('redirector.url'),
1696 $conf->get('redirector.encode_url')
1697 );
1694 $classLi = ($i % 2) != 0 ? '' : 'publicLinkHightLight'; 1698 $classLi = ($i % 2) != 0 ? '' : 'publicLinkHightLight';
1695 $link['class'] = $link['private'] == 0 ? $classLi : 'private'; 1699 $link['class'] = $link['private'] == 0 ? $classLi : 'private';
1696 $link['timestamp'] = $link['created']->getTimestamp(); 1700 $link['timestamp'] = $link['created']->getTimestamp();
@@ -1944,10 +1948,10 @@ function lazyThumbnail($conf, $url,$href=false)
1944 * Installation 1948 * Installation
1945 * This function should NEVER be called if the file data/config.php exists. 1949 * This function should NEVER be called if the file data/config.php exists.
1946 * 1950 *
1947 * @param ConfigManager $conf Configuration Manager instance. 1951 * @param ConfigManager $conf Configuration Manager instance.
1952 * @param SessionManager $sessionManager SessionManager instance
1948 */ 1953 */
1949function install($conf) 1954function install($conf, $sessionManager) {
1950{
1951 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. 1955 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
1952 if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); 1956 if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
1953 1957
@@ -1956,12 +1960,20 @@ function install($conf)
1956 // (Because on some hosts, session.save_path may not be set correctly, 1960 // (Because on some hosts, session.save_path may not be set correctly,
1957 // or we may not have write access to it.) 1961 // or we may not have write access to it.)
1958 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) 1962 if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working'))
1959 { // Step 2: Check if data in session is correct. 1963 {
1960 echo '<pre>Sessions do not seem to work correctly on your server.<br>'; 1964 // Step 2: Check if data in session is correct.
1961 echo 'Make sure the variable session.save_path is set correctly in your php config, and that you have write access to it.<br>'; 1965 $msg = t(
1962 echo 'It currently points to '.session_save_path().'<br>'; 1966 '<pre>Sessions do not seem to work correctly on your server.<br>'.
1963 echo 'Check that the hostname used to access Shaarli contains a dot. On some browsers, accessing your server via a hostname like \'localhost\' or any custom hostname without a dot causes cookie storage to fail. We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'; 1967 'Make sure the variable "session.save_path" is set correctly in your PHP config, '.
1964 echo '<br><a href="?">Click to try again.</a></pre>'; 1968 'and that you have write access to it.<br>'.
1969 'It currently points to %s.<br>'.
1970 'On some browsers, accessing your server via a hostname like \'localhost\' '.
1971 'or any custom hostname without a dot causes cookie storage to fail. '.
1972 'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'
1973 );
1974 $msg = sprintf($msg, session_save_path());
1975 echo $msg;
1976 echo '<br><a href="?">'. t('Click to try again.') .'</a></pre>';
1965 die; 1977 die;
1966 } 1978 }
1967 if (!isset($_SESSION['session_tested'])) 1979 if (!isset($_SESSION['session_tested']))
@@ -1994,6 +2006,7 @@ function install($conf)
1994 } else { 2006 } else {
1995 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER))); 2007 $conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
1996 } 2008 }
2009 $conf->set('translation.language', escape($_POST['language']));
1997 $conf->set('updates.check_updates', !empty($_POST['updateCheck'])); 2010 $conf->set('updates.check_updates', !empty($_POST['updateCheck']));
1998 $conf->set('api.enabled', !empty($_POST['enableApi'])); 2011 $conf->set('api.enabled', !empty($_POST['enableApi']));
1999 $conf->set( 2012 $conf->set(
@@ -2021,10 +2034,11 @@ function install($conf)
2021 exit; 2034 exit;
2022 } 2035 }
2023 2036
2024 $PAGE = new PageBuilder($conf); 2037 $PAGE = new PageBuilder($conf, null, $sessionManager->generateToken());
2025 list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get()); 2038 list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get());
2026 $PAGE->assign('continents', $continents); 2039 $PAGE->assign('continents', $continents);
2027 $PAGE->assign('cities', $cities); 2040 $PAGE->assign('cities', $cities);
2041 $PAGE->assign('languages', Languages::getAvailableLanguages());
2028 $PAGE->renderPage('install'); 2042 $PAGE->renderPage('install');
2029 exit; 2043 exit;
2030} 2044}
@@ -2297,7 +2311,7 @@ $response = $app->run(true);
2297if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) { 2311if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
2298 // We use UTF-8 for proper international characters handling. 2312 // We use UTF-8 for proper international characters handling.
2299 header('Content-Type: text/html; charset=utf-8'); 2313 header('Content-Type: text/html; charset=utf-8');
2300 renderPage($conf, $pluginManager, $linkDb, $history); 2314 renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager);
2301} else { 2315} else {
2302 $app->respond($response); 2316 $app->respond($response);
2303} 2317}