From 4887ceda72ed74fb13879e0502cbc848f06ac890 Mon Sep 17 00:00:00 2001 From: Seb Sauvage Date: Sat, 17 Sep 2011 00:24:10 +0200 Subject: Version 0.0.9 beta --- index.php | 92 ++++++++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 59 insertions(+), 33 deletions(-) diff --git a/index.php b/index.php index 0b836ae9..d46bd84f 100644 --- a/index.php +++ b/index.php @@ -1,10 +1,10 @@ =5 && $minor>=1) return; // 5.1.x or higher is ok. + die('Your server supports php '.$ver.'. Shaarli requires at last php 5.1, and thus cannot run. Sorry.'); + } + // if cannot check php version... well, at your own risks. +} + // ----------------------------------------------------------------------------------------------- // Log to text file function logm($message) @@ -285,7 +299,7 @@ function http_parse_headers( $headers ) /* GET an URL. Input: $url : url to get (http://...) $timeout : Network timeout (will wait this many seconds for an anwser before giving up). - Output: An array. [0] = HTTP status message (eg. "HTTP/1.1 200 OK") + Output: An array. [0] = HTTP status message (eg. "HTTP/1.1 200 OK") or error message [1] = associative array containing HTTP response headers (eg. echo getHTTP($url)[1]['Content-Type']) [2] = data Example: list($httpstatus,$headers,$data) = getHTTP('http://sebauvage.net/'); 
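Review bot: The version test whose tail survives on this page, `=5 && $minor>=1) return;`, appears to require a minor version of at least 1 whatever the major version is, so an interpreter reporting 6.0 or 7.0 would fall through to the `die()` although it is newer than 5.1. The start of the condition and of the function is not readable here, so this assumes the left operand is the major version. Comparing the whole version string avoids the problem: `if (version_compare($ver, '5.1.0', '>=')) return;`. The message passed to `die()` should also say "at least" rather than "at last".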
@@ -296,14 +310,20 @@ function http_parse_headers( $headers )
 */
 function getHTTP($url,$timeout=30)
 {
- //FIXME: trap error correctly (unresolved host, unsupported protocol, etc.)
- $options = array('http'=>array('method'=>'GET','timeout' => $timeout)); // Force network timeout
- $context = stream_context_create($options);
- $data=file_get_contents($url,false,$context,-1, 2000000); // We download at most 2 Mb from source.
- if (!$data) { $lasterror=error_get_last(); return array($lasterror['message'],array(),''); }
- $httpStatus=$http_response_header[0]; // eg. "HTTP/1.1 200 OK"
- $responseHeaders=http_parse_headers($http_response_header);
- return array($httpStatus,$responseHeaders,$data);
+ try
+ {
+ $options = array('http'=>array('method'=>'GET','timeout' => $timeout)); // Force network timeout
+ $context = stream_context_create($options);
+ $data=file_get_contents($url,false,$context,-1, 2000000); // We download at most 2 Mb from source.
+ if (!$data) { $lasterror=error_get_last(); return array($lasterror['message'],array(),''); }
+ $httpStatus=$http_response_header[0]; // eg. "HTTP/1.1 200 OK"
+ $responseHeaders=http_parse_headers($http_response_header);
+ return array($httpStatus,$responseHeaders,$data);
+ }
+ catch (Exception $e) // getHTTP *can* fail silentely (we don't care if the title cannot be fetched)
+ {
+ return array($e->getMessage(),'','');
+ }
 }
 
 // Extract title from an HTML document.
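Review bot: `getHTTP()` hands `$url` to `file_get_contents()` without checking its scheme, and the `http` context options only apply to the HTTP wrapper, so any other registered stream wrapper (a local file path, for example) would be opened as well. The caller is outside this hunk, but the comment on the `catch` suggests the URL comes from a submitted link, so I would reject anything but http/https before the `try`: `$scheme=strtolower((string)parse_url($url,PHP_URL_SCHEME)); if ($scheme!='http' && $scheme!='https') return array('Unsupported protocol',array(),'');`. Separately, `file_get_contents()` reports failures as warnings and a `false` return rather than exceptions, so the new `catch` will rarely run unless an error handler converts them. When it does run it returns `''` for element [1], where the other paths and the doc comment promise an array: `return array($e->getMessage(),array(),'');`.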
@@ -546,8 +566,9 @@ function renderPage()
 if (isset($_GET['addtag']))
 {
 // Get previous URL (http_referer) and add the tag to the searchtags parameters in query.
+ if (empty($_SERVER['HTTP_REFERER'])) { header('Location: ?searchtags='.urlencode($_GET['addtag'])); exit; } // In case browser does not send HTTP_REFERER
 parse_str(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_QUERY), $params);
- $params['searchtags'] = (empty($params['searchtags']) ? trim($_GET['addtag']) : trim($params['searchtags'].' '.$_GET['addtag']));
+ $params['searchtags'] = (empty($params['searchtags']) ? trim($_GET['addtag']) : trim($params['searchtags'].' '.urlencode($_GET['addtag'])));
 unset($params['page']); // We also remove page (keeping the same page has no sense, since the results are different)
 header('Location: ?'.http_build_query($params));
 exit;
@@ -557,6 +578,7 @@ function renderPage()
 if (isset($_GET['removetag']))
 {
 // Get previous URL (http_referer) and remove the tag from the searchtags parameters in query.
+ if (empty($_SERVER['HTTP_REFERER'])) { header('Location: ?'); exit; } // In case browser does not send HTTP_REFERER
 parse_str(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_QUERY), $params);
 if (isset($params['searchtags']))
 {
@@ -573,7 +595,7 @@ function renderPage()
 if (isset($_GET['linksperpage']))
 {
 if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
- header('Location: '.$_SERVER['HTTP_REFERER']);
+ header('Location: '.(empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']));
 exit;
 }
 
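Review bot: In the `addtag` hunk the appended tag is now passed through `urlencode()` before it is stored in `$params['searchtags']`, but `http_build_query($params)` two lines later encodes every value again, so a tag containing a space, `+` or non-ASCII characters ends up double-encoded in the redirect. The first branch of the same ternary still uses the raw `trim($_GET['addtag'])`, so the two branches disagree. `urlencode()` is right in the added no-Referer fallback, where the value is concatenated straight into the `Location` header, but here I would keep the raw value: `trim($params['searchtags'].' '.$_GET['addtag'])`. The enclosing `renderPage()` starts and ends outside the hunk.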
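Review bot: The `linksperpage` hunk still echoes the client-supplied `Referer` verbatim into `header('Location: '.…)`; the new `empty()` test covers a missing header, not one that points at another site. The `returnurl` hunk further down (`@@ -644,7 +666,8 @@`) has the same shape with `$_POST['returnurl']`, where only `isset()` is checked. Both values should be accepted only when they are relative or name this site's own host, and replaced by `'?'` otherwise, for example `$h=parse_url($returnurl,PHP_URL_HOST); if ($h && $h!=$_SERVER['SERVER_NAME']) $returnurl='?';` (whether `SERVER_NAME` is the right reference depends on the deployment). Since the commit targets PHP 5.1, it is also worth stripping CR and LF from both values, because as far as I know `header()` only started rejecting multi-line values in 5.1.2.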
@@ -644,7 +666,8 @@ HTML; // If we are called from the bookmarklet, we must close the popup: if (isset($_GET['source']) && $_GET['source']=='bookmarklet') { echo ''; exit; } - header('Location: '.$_POST['returnurl']); // After saving the link, redirect to the page the user was on. + $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); + header('Location: '.$returnurl); // After saving the link, redirect to the page the user was on. exit; } @@ -942,7 +965,7 @@ function templateLinkList() $tags=''; if ($link['tags']!='') foreach(explode(' ',$link['tags']) as $tag) { $tags.=''.htmlspecialchars($tag).' '; } $linklist.='
  • '.htmlspecialchars($title).''.$actions.'
    '; - if ($description!='') $linklist.='
    '.str_replace("\n",'
    ',htmlspecialchars($description)).'

    '; + if ($description!='') $linklist.='
    '.nl2br(htmlspecialchars($description)).'

    '; $linklist.=''.htmlspecialchars(linkdate2locale($link['linkdate'])).' - '.htmlspecialchars($link['url']).'
    '.$tags."
  • \n"; $i++; } @@ -1065,22 +1088,25 @@ HTML; // This function should NEVER be called if the file data/config.php exists. function install() { - // FIXME: check version of php ? - if (isset($_POST['setlogin']) && isset($_POST['setpassword']) && isset($_POST['settimezone'])) + if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) { - if ($_POST['setlogin']!='' && $_POST['setpassword']!='' && in_array($_POST['settimezone'],timezone_identifiers_list())) - { // Everything is ok, let's create config file. - $salt=sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. - $hash = sha1($_POST['setpassword'].$_POST['setlogin'].$salt); - $config=''; - file_put_contents(CONFIG_FILE,$config); - echo ''; - exit; - } - } + $tz=(empty($_POST['settimezone']) ? 'UTC':$_POST['settimezone']); + // Everything is ok, let's create config file. + $salt=sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. + $hash = sha1($_POST['setpassword'].$_POST['setlogin'].$salt); + $config=''; + file_put_contents(CONFIG_FILE,$config); + echo ''; + exit; + } // Display config form: - $timezones=''; - foreach(timezone_identifiers_list() as $tz) $timezones.='\n"; + $timezoneselect=''; + if (function_exists('timezone_identifiers_list')) // because of old php version (5.1) which can be found on free.fr + { + $timezones=''; + foreach(timezone_identifiers_list() as $tz) $timezones.='\n"; + $timezoneselect='Timezone:

    '; + } echo <<Shaarli - Configuration

    Shaarli - Shaare your links...

    It looks like it's the first time you run Shaarli. Please chose a login/password and a timezone:
    Login:

    Password:

    -Timezone:

    +{$timezoneselect}
    HTML; exit; -- cgit v1.2.3
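Review bot: `install()` no longer checks `settimezone` against `timezone_identifiers_list()`; the new `$tz=(empty($_POST['settimezone']) ? 'UTC':$_POST['settimezone']);` line accepts whatever string was posted and only substitutes `'UTC'` when it is empty. The config template is not readable on this page (it shows as `$config=''`), but if `$tz` is written into `CONFIG_FILE`, a client-chosen string ends up in a file that is presumably loaded on every request, so it must be both validated and safely quoted. The check can be kept wherever the function exists: `if (function_exists('timezone_identifiers_list') && !in_array($tz,timezone_identifiers_list(),true)) $tz='UTC';`. On interpreters without that function the value could be restricted to a conservative character set before it is written.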