From 684e662a58b02bde225e44d3677987b6fc3adf0b Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Wed, 18 May 2016 21:48:24 +0200 Subject: Replace $GLOBALS configuration with the configuration manager in the whole code base --- application/Updater.php | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index 58c13c07..6b92af3d 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -12,11 +12,6 @@ class Updater */ protected $doneUpdates; - /** - * @var array Shaarli's configuration array. - */ - protected $config; - /** * @var LinkDB instance. */ @@ -36,14 +31,12 @@ class Updater * Object constructor. * * @param array $doneUpdates Updates which are already done. - * @param array $config Shaarli's configuration array. * @param LinkDB $linkDB LinkDB instance. * @param boolean $isLoggedIn True if the user is logged in. */ - public function __construct($doneUpdates, $config, $linkDB, $isLoggedIn) + public function __construct($doneUpdates, $linkDB, $isLoggedIn) { $this->doneUpdates = $doneUpdates; - $this->config = $config; $this->linkDB = $linkDB; $this->isLoggedIn = $isLoggedIn; 
@@ -114,19 +107,21 @@ class Updater */ public function updateMethodMergeDeprecatedConfigFile() { - $config_file = $this->config['config']['CONFIG_FILE']; + $conf = ConfigManager::getInstance(); - if (is_file($this->config['config']['DATADIR'].'/options.php')) { - include $this->config['config']['DATADIR'].'/options.php'; + if (is_file($conf->get('config.DATADIR') . '/options.php')) { + include $conf->get('config.DATADIR') . '/options.php'; // Load GLOBALS into config + $allowedKeys = array_merge(ConfigPhp::$ROOT_KEYS); + $allowedKeys[] = 'config'; foreach ($GLOBALS as $key => $value) { - $this->config[$key] = $value; + if (in_array($key, $allowedKeys)) { + $conf->set($key, $value); + } } - $this->config['config']['CONFIG_FILE'] = $config_file; - writeConfig($this->config, $this->isLoggedIn); - - unlink($this->config['config']['DATADIR'].'/options.php'); + $conf->write($this->isLoggedIn); + unlink($conf->get('config.DATADIR').'/options.php'); } return true; @@ -137,13 +132,14 @@ class Updater */ public function updateMethodRenameDashTags() { + $conf = ConfigManager::getInstance(); $linklist = $this->linkDB->filterSearch(); foreach ($linklist as $link) { $link['tags'] = preg_replace('/(^| )\-/', '$1', $link['tags']); $link['tags'] = implode(' ', array_unique(LinkFilter::tagsStrToArray($link['tags'], true))); $this->linkDB[$link['linkdate']] = $link; } - $this->linkDB->savedb($this->config['config']['PAGECACHE']); + $this->linkDB->savedb($conf->get('config.PAGECACHE')); return true; } } -- cgit v1.2.3 From b74b96bfbd0b778ac50fd17f5e107c51435b1678 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sun, 29 May 2016 12:32:14 +0200 Subject: Adds ConfigJson which handle the configuration in JSON format. Also use the Updater to make the transition --- application/Updater.php | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) (limited to 'application/Updater.php') 
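Review bot: In updateMethodMergeDeprecatedConfigFile the new allow-list check uses a loose `in_array($key, $allowedKeys)`, so on PHP versions before 8 an integer key in `$GLOBALS` compares equal to any non-numeric allowed name and would be copied into the configuration. Passing the strict flag closes that: `if (in_array($key, $allowedKeys, true)) {`. `array_merge(ConfigPhp::$ROOT_KEYS)` with a single argument only copies the array, so `$allowedKeys = ConfigPhp::$ROOT_KEYS;` says the same thing more plainly. The result of `unlink()` is not checked before the method returns true, so a failed delete would leave the included `options.php` in the data directory while the update is presumably recorded as done.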
diff --git a/application/Updater.php b/application/Updater.php index 6b92af3d..8552850c 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -142,6 +142,48 @@ class Updater $this->linkDB->savedb($conf->get('config.PAGECACHE')); return true; } + + /** + * Move old configuration in PHP to the new config system in JSON format. + * + * Will rename 'config.php' into 'config.save.php' and create 'config.json'. + */ + public function updateMethodConfigToJson() + { + $conf = ConfigManager::getInstance(); + + // JSON config already exists, nothing to do. + if ($conf->getConfigIO() instanceof ConfigJson) { + return true; + } + + $configPhp = new ConfigPhp(); + $configJson = new ConfigJson(); + $oldConfig = $configPhp->read($conf::$CONFIG_FILE . '.php'); + rename($conf->getConfigFile(), $conf::$CONFIG_FILE . '.save.php'); + $conf->setConfigIO($configJson); + $conf->reload(); + + foreach (ConfigPhp::$ROOT_KEYS as $key) { + $conf->set($key, $oldConfig[$key]); + } + + // Set sub config keys (config and plugins) + $subConfig = array('config', 'plugins'); + foreach ($subConfig as $sub) { + foreach ($oldConfig[$sub] as $key => $value) { + $conf->set($sub .'.'. $key, $value); + } + } + + try{ + $conf->write($this->isLoggedIn); + return true; + } catch (IOException $e) { + error_log($e->getMessage()); + return false; + } + } } /** @@ -199,7 +241,6 @@ class UpdaterException extends Exception } } - /** * Read the updates file, and return already done updates. * -- cgit v1.2.3 From da10377b3c263d96a46cf9101c202554343d2cd0 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sun, 29 May 2016 16:10:32 +0200 Subject: Rename configuration keys and fix GLOBALS in templates --- application/Updater.php | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index 8552850c..31630ff5 100644 --- a/application/Updater.php +++ b/application/Updater.php 
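Review bot: In updateMethodConfigToJson the old file is renamed before the JSON file has been written and the result of `rename()` is ignored, so when `$conf->write()` throws the method returns false with the old configuration already moved aside and no new one in place. How the application treats an instance without a configuration file is not visible here, but an update step should not be able to leave one in that state: check the call, `if (! rename($conf->getConfigFile(), $conf::$CONFIG_FILE . '.save.php')) { return false; }`, and move the saved file back in the `catch` branch. The loops also index `$oldConfig[$key]` and `$oldConfig[$sub]` without `isset`, so an older config file that lacks a root key or the `plugins` section raises notices and stores null. The unchecked rename is carried over unchanged by the later hunk that switches this method to `$this->conf`.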
@@ -109,8 +109,8 @@ class Updater { $conf = ConfigManager::getInstance(); - if (is_file($conf->get('config.DATADIR') . '/options.php')) { - include $conf->get('config.DATADIR') . '/options.php'; + if (is_file($conf->get('path.data_dir') . '/options.php')) { + include $conf->get('path.data_dir') . '/options.php'; // Load GLOBALS into config $allowedKeys = array_merge(ConfigPhp::$ROOT_KEYS); @@ -121,7 +121,7 @@ class Updater } } $conf->write($this->isLoggedIn); - unlink($conf->get('config.DATADIR').'/options.php'); + unlink($conf->get('path.data_dir').'/options.php'); } return true; @@ -139,14 +139,15 @@ class Updater $link['tags'] = implode(' ', array_unique(LinkFilter::tagsStrToArray($link['tags'], true))); $this->linkDB[$link['linkdate']] = $link; } - $this->linkDB->savedb($conf->get('config.PAGECACHE')); + $this->linkDB->savedb($conf->get('path.page_cache')); return true; } /** * Move old configuration in PHP to the new config system in JSON format. * - * Will rename 'config.php' into 'config.save.php' and create 'config.json'. + * Will rename 'config.php' into 'config.save.php' and create 'config.json.php'. + * It will also convert legacy setting keys to the new ones. */ public function updateMethodConfigToJson() { @@ -164,15 +165,21 @@ class Updater $conf->setConfigIO($configJson); $conf->reload(); + $legacyMap = array_flip(ConfigPhp::$LEGACY_KEYS_MAPPING); foreach (ConfigPhp::$ROOT_KEYS as $key) { - $conf->set($key, $oldConfig[$key]); + $conf->set($legacyMap[$key], $oldConfig[$key]); } // Set sub config keys (config and plugins) $subConfig = array('config', 'plugins'); foreach ($subConfig as $sub) { foreach ($oldConfig[$sub] as $key => $value) { - $conf->set($sub .'.'. $key, $value); + if (isset($legacyMap[$sub .'.'. $key])) { + $configKey = $legacyMap[$sub .'.'. $key]; + } else { + $configKey = $sub .'.'. $key; + } + $conf->set($configKey, $value); } } -- cgit v1.2.3 From 7f179985b497053c59338667fe49c390aa626ab7 Mon Sep 17 00:00:00 2001 
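Review bot: In the last hunk of this commit the root-key loop reads `$legacyMap[$key]` without the `isset` fallback that the sub-config loop a few lines below it uses, so a root key with no entry in `ConfigPhp::$LEGACY_KEYS_MAPPING` would reach `$conf->set()` with a null key (the mapping itself is not visible here). Making the two loops agree avoids that: `$configKey = isset($legacyMap[$key]) ? $legacyMap[$key] : $key;` followed by `$conf->set($configKey, $oldConfig[$key]);`. `array_flip` keeps only one entry when two new keys map to the same legacy key, which deserves a comment if that can happen. The body of updateMethodConfigToJson starts and ends outside this hunk.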
From: ArthurHoaro Date: Mon, 30 May 2016 20:15:36 +0200 Subject: Remove remaining settings initialization in index.php Except for those which require external data (timezone and $_SERVER). --- application/Updater.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index 31630ff5..db2144fe 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -191,6 +191,29 @@ class Updater return false; } } + + /** + * Escape settings which have been manually escaped in every request in previous versions: + * - general.title + * - general.header_link + * - extras.redirector + * + * @return bool true if the update is successful, false otherwise. + */ + public function escapeUnescapedConfig() + { + $conf = ConfigManager::getInstance(); + try { + $conf->set('general.title', escape($conf->get('general.title'))); + $conf->set('general.header_link', escape($conf->get('general.header_link'))); + $conf->set('extras.redirector', escape($conf->get('extras.redirector'))); + $conf->write($this->isLoggedIn); + } catch (Exception $e) { + error_log($e->getMessage()); + return false; + } + return true; + } } /** -- cgit v1.2.3 From 278d9ee2836df7d805845077f26f8cecd16f0f4f Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Thu, 9 Jun 2016 20:04:02 +0200 Subject: ConfigManager no longer uses singleton pattern --- application/Updater.php | 57 +++++++++++++++++++++++++------------------------ 1 file changed, 29 insertions(+), 28 deletions(-) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index db2144fe..b8940e41 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -17,6 +17,11 @@ class Updater */ protected $linkDB; + /** + * @var ConfigManager $conf Configuration Manager instance. + */ + protected $conf; + /** * @var bool True if the user is logged in, false otherwise. */ 
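Review bot: escapeUnescapedConfig writes the escaped form of `general.title`, `general.header_link` and `extras.redirector` back into the configuration, and nothing in the method records or checks that a value is already escaped, so a second run (for instance after the list of done updates is lost) would double-encode them. Encoding at output time keeps the stored value context-neutral and is the safer design; if storing the escaped form is intended, state it where the keys are written, e.g. `// Stored HTML-escaped from now on: templates must not escape these again.` Two of the three settings look like URLs, and HTML escaping does not restrict the URL scheme, so they still need their own validation wherever they end up in an `href` (the `escape()` helper is not visible here, so its behaviour is inferred from the name).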
@@ -30,14 +35,16 @@ class Updater /** * Object constructor. * - * @param array $doneUpdates Updates which are already done. - * @param LinkDB $linkDB LinkDB instance. - * @param boolean $isLoggedIn True if the user is logged in. + * @param array $doneUpdates Updates which are already done. + * @param LinkDB $linkDB LinkDB instance. + * @oaram ConfigManager $conf Configuration Manager instance. + * @param boolean $isLoggedIn True if the user is logged in. */ - public function __construct($doneUpdates, $linkDB, $isLoggedIn) + public function __construct($doneUpdates, $linkDB, $conf, $isLoggedIn) { $this->doneUpdates = $doneUpdates; $this->linkDB = $linkDB; + $this->conf = $conf; $this->isLoggedIn = $isLoggedIn; // Retrieve all update methods. @@ -107,21 +114,19 @@ class Updater */ public function updateMethodMergeDeprecatedConfigFile() { - $conf = ConfigManager::getInstance(); - - if (is_file($conf->get('path.data_dir') . '/options.php')) { - include $conf->get('path.data_dir') . '/options.php'; + if (is_file($this->conf->get('path.data_dir') . '/options.php')) { + include $this->conf->get('path.data_dir') . '/options.php'; // Load GLOBALS into config $allowedKeys = array_merge(ConfigPhp::$ROOT_KEYS); $allowedKeys[] = 'config'; foreach ($GLOBALS as $key => $value) { if (in_array($key, $allowedKeys)) { - $conf->set($key, $value); + $this->conf->set($key, $value); } } - $conf->write($this->isLoggedIn); - unlink($conf->get('path.data_dir').'/options.php'); + $this->conf->write($this->isLoggedIn); + unlink($this->conf->get('path.data_dir').'/options.php'); } return true; 
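Review bot: The constructor hunk inserts `$conf` in third position, ahead of `$isLoggedIn`, with no type declaration, so a call site still written for the old three-argument form hands the login flag to `$this->conf` and, on PHP versions that only warn about a missing argument, fails later at the first `$this->conf->get()`. Declaring the class type makes such a call fail at construction: `public function __construct($doneUpdates, $linkDB, ConfigManager $conf, $isLoggedIn)`. The constructor body continues past the end of the hunk.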
@@ -132,14 +137,13 @@ class Updater */ public function updateMethodRenameDashTags() { - $conf = ConfigManager::getInstance(); $linklist = $this->linkDB->filterSearch(); foreach ($linklist as $link) { $link['tags'] = preg_replace('/(^| )\-/', '$1', $link['tags']); $link['tags'] = implode(' ', array_unique(LinkFilter::tagsStrToArray($link['tags'], true))); $this->linkDB[$link['linkdate']] = $link; } - $this->linkDB->savedb($conf->get('path.page_cache')); + $this->linkDB->savedb($this->conf->get('path.page_cache')); return true; } @@ -151,23 +155,21 @@ class Updater */ public function updateMethodConfigToJson() { - $conf = ConfigManager::getInstance(); - // JSON config already exists, nothing to do. - if ($conf->getConfigIO() instanceof ConfigJson) { + if ($this->conf->getConfigIO() instanceof ConfigJson) { return true; } $configPhp = new ConfigPhp(); $configJson = new ConfigJson(); - $oldConfig = $configPhp->read($conf::$CONFIG_FILE . '.php'); - rename($conf->getConfigFile(), $conf::$CONFIG_FILE . '.save.php'); - $conf->setConfigIO($configJson); - $conf->reload(); + $oldConfig = $configPhp->read($this->conf->getConfigFile() . '.php'); + rename($this->conf->getConfigFileExt(), $this->conf->getConfigFile() . '.save.php'); + $this->conf->setConfigIO($configJson); + $this->conf->reload(); $legacyMap = array_flip(ConfigPhp::$LEGACY_KEYS_MAPPING); foreach (ConfigPhp::$ROOT_KEYS as $key) { - $conf->set($legacyMap[$key], $oldConfig[$key]); + $this->conf->set($legacyMap[$key], $oldConfig[$key]); } // Set sub config keys (config and plugins) @@ -179,12 +181,12 @@ class Updater } else { $configKey = $sub .'.'. $key; } - $conf->set($configKey, $value); + $this->conf->set($configKey, $value); } } try{ - $conf->write($this->isLoggedIn); + $this->conf->write($this->isLoggedIn); return true; } catch (IOException $e) { error_log($e->getMessage()); 
@@ -202,12 +204,11 @@ class Updater */ public function escapeUnescapedConfig() { - $conf = ConfigManager::getInstance(); try { - $conf->set('general.title', escape($conf->get('general.title'))); - $conf->set('general.header_link', escape($conf->get('general.header_link'))); - $conf->set('extras.redirector', escape($conf->get('extras.redirector'))); - $conf->write($this->isLoggedIn); + $this->conf->set('general.title', escape($this->conf->get('general.title'))); + $this->conf->set('general.header_link', escape($this->conf->get('general.header_link'))); + $this->conf->set('extras.redirector', escape($this->conf->get('extras.redirector'))); + $this->conf->write($this->isLoggedIn); } catch (Exception $e) { error_log($e->getMessage()); return false; -- cgit v1.2.3 From 894a3c4bf38d8dcadb6941049b9167e5101805bd Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sat, 11 Jun 2016 09:08:02 +0200 Subject: Rename configuration key for better sections --- application/Updater.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index b8940e41..fd45d17f 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -114,8 +114,8 @@ class Updater */ public function updateMethodMergeDeprecatedConfigFile() { - if (is_file($this->conf->get('path.data_dir') . '/options.php')) { - include $this->conf->get('path.data_dir') . '/options.php'; + if (is_file($this->conf->get('resource.data_dir') . '/options.php')) { + include $this->conf->get('resource.data_dir') . '/options.php'; // Load GLOBALS into config $allowedKeys = array_merge(ConfigPhp::$ROOT_KEYS); @@ -126,7 +126,7 @@ class Updater } } $this->conf->write($this->isLoggedIn); - unlink($this->conf->get('path.data_dir').'/options.php'); + unlink($this->conf->get('resource.data_dir').'/options.php'); } return true; 
@@ -143,7 +143,7 @@ class Updater $link['tags'] = implode(' ', array_unique(LinkFilter::tagsStrToArray($link['tags'], true))); $this->linkDB[$link['linkdate']] = $link; } - $this->linkDB->savedb($this->conf->get('path.page_cache')); + $this->linkDB->savedb($this->conf->get('resource.page_cache')); return true; } @@ -207,7 +207,7 @@ class Updater try { $this->conf->set('general.title', escape($this->conf->get('general.title'))); $this->conf->set('general.header_link', escape($this->conf->get('general.header_link'))); - $this->conf->set('extras.redirector', escape($this->conf->get('extras.redirector'))); + $this->conf->set('redirector.url', escape($this->conf->get('redirector.url'))); $this->conf->write($this->isLoggedIn); } catch (Exception $e) { error_log($e->getMessage()); -- cgit v1.2.3 From b9f8b83790a57b55f7d12471460537a268a24642 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Tue, 2 Aug 2016 12:54:55 +0200 Subject: Fix update method escapeUnescapedConfig * Actually run it * unit tests Fixes #611 --- application/Updater.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index fd45d17f..b6cbc56c 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -198,11 +198,11 @@ class Updater * Escape settings which have been manually escaped in every request in previous versions: * - general.title * - general.header_link - * - extras.redirector + * - redirector.url * * @return bool true if the update is successful, false otherwise. */ - public function escapeUnescapedConfig() + public function updateMethodEscapeUnescapedConfig() { try { $this->conf->set('general.title', escape($this->conf->get('general.title'))); -- cgit v1.2.3 From 7af9a41881ed0b9d44d18a0ce03a123a8441adf5 Mon Sep 17 00:00:00 2001 
From: ArthurHoaro Date: Thu, 20 Oct 2016 11:31:52 +0200 Subject: Minor code cleanup: PHPDoc, spelling, unused variables, etc. --- application/Updater.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index b6cbc56c..90913235 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -37,7 +37,7 @@ class Updater * * @param array $doneUpdates Updates which are already done. * @param LinkDB $linkDB LinkDB instance. - * @oaram ConfigManager $conf Configuration Manager instance. + * @param ConfigManager $conf Configuration Manager instance. * @param boolean $isLoggedIn True if the user is logged in. */ public function __construct($doneUpdates, $linkDB, $conf, $isLoggedIn) -- cgit v1.2.3 From f21abf329234ae4d5a1d56c5a9dd0bc11f80bac8 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Thu, 20 Oct 2016 21:19:51 +0200 Subject: LinkDB: update datastore method names Relates to https://github.com/shaarli/Shaarli/issues/95 Signed-off-by: VirtualTam --- application/Updater.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index 90913235..36eddd4f 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -143,7 +143,7 @@ class Updater $link['tags'] = implode(' ', array_unique(LinkFilter::tagsStrToArray($link['tags'], true))); $this->linkDB[$link['linkdate']] = $link; } - $this->linkDB->savedb($this->conf->get('resource.page_cache')); + $this->linkDB->save($this->conf->get('resource.page_cache')); return true; } -- cgit v1.2.3 From 1dc37f9cf8397e6050c4d5d981da263e6333a849 Mon Sep 17 00:00:00 2001 
From: ArthurHoaro Date: Mon, 28 Nov 2016 16:14:33 +0100 Subject: Update method to use the new ID system, which replaces linkdate primary keys. creation and update dates are now DateTime objects. Since this update is very sensitve (changing the whole database), the datastore will be automatically backed up into the file datastore..php. --- application/Updater.php | 46 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 44 insertions(+), 2 deletions(-) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index 36eddd4f..94b63990 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -138,10 +138,10 @@ class Updater public function updateMethodRenameDashTags() { $linklist = $this->linkDB->filterSearch(); - foreach ($linklist as $link) { + foreach ($linklist as $key => $link) { $link['tags'] = preg_replace('/(^| )\-/', '$1', $link['tags']); $link['tags'] = implode(' ', array_unique(LinkFilter::tagsStrToArray($link['tags'], true))); - $this->linkDB[$link['linkdate']] = $link; + $this->linkDB[$key] = $link; } $this->linkDB->save($this->conf->get('resource.page_cache')); return true; 
@@ -215,6 +215,48 @@ class Updater } return true; } + + /** + * Update the database to use the new ID system, which replaces linkdate primary keys. + * Also, creation and update dates are now DateTime objects. + * + * Since this update is very sensitve (changing the whole database), the datastore will be + * automatically backed up into the file datastore..php. + * + * @return bool true if the update is successful, false otherwise. + */ + public function updateMethodDatastoreIds() + { + // up to date database + if (isset($this->linkDB[0])) { + return true; + } + + $save = $this->conf->get('resource.data_dir') .'/datastore.'. date('YmdHis') .'.php'; + copy($this->conf->get('resource.datastore'), $save); + + $links = array(); + foreach ($this->linkDB as $offset => $value) { + $links[] = $value; + unset($this->linkDB[$offset]); + } + $links = array_reverse($links); + $cpt = 0; + foreach ($links as $l) { + $l['created'] = DateTime::createFromFormat('Ymd_His', $l['linkdate']); + if (! empty($l['updated'])) { + $l['updated'] = DateTime::createFromFormat('Ymd_His', $l['updated']); + } + unset($l['linkdate']); + $l['id'] = $cpt; + $this->linkDB[$cpt++] = $l; + } + + $this->linkDB->save($this->conf->get('resource.page_cache')); + $this->linkDB->reorder(); + + return true; + } } /** -- cgit v1.2.3 From 01878a75b93b9966f7366ea2937c118bbc3e459e Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Mon, 28 Nov 2016 16:16:44 +0100 Subject: Apply the new ID system accros the whole codebase --- application/Updater.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index 94b63990..16c8c376 100644 --- a/application/Updater.php +++ b/application/Updater.php 
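Review bot: The backup that the docblock of updateMethodDatastoreIds relies on is taken with an unchecked `copy($this->conf->get('resource.datastore'), $save);`, so if the copy fails the method still unsets every entry and rewrites the datastore with nothing to restore from. Abort before touching the data: `if (! copy($this->conf->get('resource.datastore'), $save)) { return false; }`. The first loop calls `unset($this->linkDB[$offset])` while iterating `$this->linkDB`; whether that is safe depends on LinkDB's iterator, which is not visible here, so collecting the entries first and removing them in a second pass would be the cautious form. Each run leaves a full copy of the datastore, presumably including private links, in the data directory under a timestamped name and nothing here removes it, which is worth stating in the docblock.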
@@ -218,7 +218,7 @@ class Updater /** * Update the database to use the new ID system, which replaces linkdate primary keys. - * Also, creation and update dates are now DateTime objects. + * Also, creation and update dates are now DateTime objects (done by LinkDB). * * Since this update is very sensitve (changing the whole database), the datastore will be * automatically backed up into the file datastore..php. @@ -243,10 +243,6 @@ class Updater $links = array_reverse($links); $cpt = 0; foreach ($links as $l) { - $l['created'] = DateTime::createFromFormat('Ymd_His', $l['linkdate']); - if (! empty($l['updated'])) { - $l['updated'] = DateTime::createFromFormat('Ymd_His', $l['updated']); - } unset($l['linkdate']); $l['id'] = $cpt; $this->linkDB[$cpt++] = $l; -- cgit v1.2.3 From d592daea8343bb4dfecff5d97e93699581ccc58c Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Mon, 28 Nov 2016 18:24:15 +0100 Subject: Add a persistent 'shorturl' key to all links All existing link will keep their permalinks. New links will have smallhash generated with date+id. The purpose of this is to avoid collision between links due to their creation date. --- application/Updater.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index 16c8c376..f0d02814 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -223,6 +223,9 @@ class Updater * Since this update is very sensitve (changing the whole database), the datastore will be * automatically backed up into the file datastore..php. * + * LinkDB also adds the field 'shorturl' with the precedent format (linkdate smallhash), + * which will be saved by this method. + * * @return bool true if the update is successful, false otherwise. */ public function updateMethodDatastoreIds() -- cgit v1.2.3 From 9ff17ae20effa5d54fd8481c19518123590e3bd0 Mon Sep 17 00:00:00 2001 
From: ArthurHoaro Date: Mon, 27 Feb 2017 19:45:55 +0100 Subject: Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README --- application/Updater.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'application/Updater.php') diff --git a/application/Updater.php b/application/Updater.php index f0d02814..555d4c25 100644 --- a/application/Updater.php +++ b/application/Updater.php @@ -256,6 +256,28 @@ class Updater return true; } + + /** + * * `markdown_escape` is a new setting, set to true as default. + * + * If the markdown plugin was already enabled, escaping is disabled to avoid + * breaking existing entries. + */ + public function updateMethodEscapeMarkdown() + { + if ($this->conf->exists('security.markdown_escape')) { + return true; + } + + if (in_array('markdown', $this->conf->get('general.enabled_plugins'))) { + $this->conf->set('security.markdown_escape', false); + } else { + $this->conf->set('security.markdown_escape', true); + } + $this->conf->write($this->isLoggedIn); + + return true; + } } /** -- cgit v1.2.3
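Review bot: For instances that already have the markdown plugin enabled, updateMethodEscapeMarkdown writes `security.markdown_escape = false` without leaving any trace, so the operator of a shared instance is not told that HTML escaping stays off after the upgrade. A log line in that branch would make the trade-off visible, e.g. `error_log('security.markdown_escape set to false to keep existing Markdown entries; review on shared instances');`. `$this->conf->write($this->isLoggedIn)` is not wrapped in the `try`/`catch` that updateMethodConfigToJson and updateMethodEscapeUnescapedConfig use, so a write failure escapes as an exception instead of returning false, and `in_array('markdown', ...)` assumes `general.enabled_plugins` always yields an array. The docblock also lacks the `@return bool` line that the neighbouring update methods carry.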