From bfe4f536bbfe03f38e0c801bfbd26587a2b64a7f Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sun, 1 Oct 2017 11:02:48 +0200 Subject: Add a version hash for asset loading to prevent browser's cache issue The hash is generated using the same salt as the one used for credentials (1 salt per instance) in order to avoid exposing the instance version. Fixes #965 --- application/ApplicationUtils.php | 15 +++++++++++++++ application/PageBuilder.php | 5 +++++ tpl/default/includes.html | 14 +++++++------- tpl/default/page.footer.html | 6 +++--- 4 files changed, 30 insertions(+), 10 deletions(-) diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php index 85dcbeeb..20fec376 100644 --- a/application/ApplicationUtils.php +++ b/application/ApplicationUtils.php @@ -220,4 +220,19 @@ class ApplicationUtils return $errors; } + + /** + * Returns a salted hash representing the current Shaarli version. + * + * Useful for assets browser cache. + * + * @param string $currentVersion of Shaarli + * @param string $salt User personal salt, also used for the authentication + * + * @return string version hash + */ + public static function getVersionHash($currentVersion, $salt) + { + return hash_hmac('sha256', $currentVersion, $salt); + } } diff --git a/application/PageBuilder.php b/application/PageBuilder.php index 7a42400d..c91b662c 100644 --- a/application/PageBuilder.php +++ b/application/PageBuilder.php @@ -76,6 +76,10 @@ class PageBuilder $this->tpl->assign('searchcrits', $searchcrits); $this->tpl->assign('source', index_url($_SERVER)); $this->tpl->assign('version', shaarli_version); + $this->tpl->assign( + 'version_hash', + ApplicationUtils::getVersionHash(SHAARLI_VERSION, $this->conf->get('credentials.salt')) + ); $this->tpl->assign('scripturl', index_url($_SERVER)); $this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links? $this->tpl->assign('untaggedonly', !empty($_SESSION['untaggedonly'])); @@ -89,6 +93,7 @@ class PageBuilder $this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss'); $this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false)); $this->tpl->assign('token', getToken($this->conf)); + if ($this->linkDB !== null) { $this->tpl->assign('tags', $this->linkDB->linksCountPerTag()); } diff --git a/tpl/default/includes.html b/tpl/default/includes.html index 0350ef66..80c08333 100644 --- a/tpl/default/includes.html +++ b/tpl/default/includes.html @@ -5,16 +5,16 @@ - - - - - - + + + + + + {if="is_file('data/user.css')"} {/if} {loop="$plugins_includes.css_files"} - + {/loop} \ No newline at end of file diff --git a/tpl/default/page.footer.html b/tpl/default/page.footer.html index 94f771a2..54b16e8a 100644 --- a/tpl/default/page.footer.html +++ b/tpl/default/page.footer.html @@ -27,6 +27,6 @@ {/loop} - - - + + + -- cgit v1.2.3 From b3e1f92e9cd0cae35bc726ca3a2356b4e631ccfa Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sun, 1 Oct 2017 11:09:12 +0200 Subject: Rename shaarli_version constant to uppercase --- application/PageBuilder.php | 4 ++-- application/Updater.php | 4 ++-- index.php | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/application/PageBuilder.php b/application/PageBuilder.php index c91b662c..291860ad 100644 --- a/application/PageBuilder.php +++ b/application/PageBuilder.php @@ -49,7 +49,7 @@ class PageBuilder try { $version = ApplicationUtils::checkUpdate( - shaarli_version, + SHAARLI_VERSION, $this->conf->get('resource.update_check'), $this->conf->get('updates.check_updates_interval'), $this->conf->get('updates.check_updates'), @@ -75,7 +75,7 @@ class PageBuilder } $this->tpl->assign('searchcrits', $searchcrits); $this->tpl->assign('source', index_url($_SERVER)); - $this->tpl->assign('version', shaarli_version); + $this->tpl->assign('version', SHAARLI_VERSION); $this->tpl->assign( 'version_hash', ApplicationUtils::getVersionHash(SHAARLI_VERSION, $this->conf->get('credentials.salt')) diff --git a/application/Updater.php b/application/Updater.php index 40a15906..72b2def0 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -398,7 +398,7 @@ class Updater */ public function updateMethodCheckUpdateRemoteBranch() { - if (shaarli_version === 'dev' || $this->conf->get('updates.check_updates_branch') === 'latest') { + if (SHAARLI_VERSION === 'dev' || $this->conf->get('updates.check_updates_branch') === 'latest') { return true; } @@ -413,7 +413,7 @@ class Updater $latestMajor = $matches[1]; // Get current major version digit - preg_match('/(\d+)\.\d+$/', shaarli_version, $matches); + preg_match('/(\d+)\.\d+$/', SHAARLI_VERSION, $matches); $currentMajor = $matches[1]; if ($currentMajor === $latestMajor) { diff --git a/index.php b/index.php index fb00a9fa..12ccceaf 100644 --- a/index.php +++ b/index.php @@ -88,7 +88,7 @@ try { exit; } -define('shaarli_version', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); +define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); // Force cookie path (but do not change lifetime) $cookie = session_get_cookie_params(); -- cgit v1.2.3