From cf92b4dd1521241eefc58eaf6dcd202cd83969d8 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sat, 25 May 2019 15:52:27 +0200
Subject: Apply the new system (Bookmark + Service) to the whole code base
See https://github.com/shaarli/Shaarli/issues/1307
---
application/render/PageBuilder.php | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
(limited to 'application/render/PageBuilder.php')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index 3f86fc26..65e85aaf 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -5,7 +5,7 @@ namespace Shaarli\Render;
 use Exception;
 use RainTPL;
 use Shaarli\ApplicationUtils;
-use Shaarli\Bookmark\LinkDB;
+use Shaarli\Bookmark\BookmarkServiceInterface;
 use Shaarli\Config\ConfigManager;
 use Shaarli\Thumbnailer;
@@ -34,9 +34,9 @@ class PageBuilder
 protected $session;
 /**
- * @var LinkDB $linkDB instance.
+ * @var BookmarkServiceInterface $bookmarkService instance.
 */
- protected $linkDB;
+ protected $bookmarkService;
 /**
 * @var null|string XSRF token
@@ -52,18 +52,18 @@ class PageBuilder
 * PageBuilder constructor.
 * $tpl is initialized at false for lazy loading.
 *
- * @param ConfigManager $conf Configuration Manager instance (reference).
- * @param array $session $_SESSION array
- * @param LinkDB $linkDB instance.
- * @param string $token Session token
- * @param bool $isLoggedIn
+ * @param ConfigManager $conf Configuration Manager instance (reference).
+ * @param array $session $_SESSION array
+ * @param BookmarkServiceInterface $linkDB instance.
+ * @param string $token Session token
+ * @param bool $isLoggedIn
 */
 public function __construct(&$conf, $session, $linkDB = null, $token = null, $isLoggedIn = false)
 {
 $this->tpl = false;
 $this->conf = $conf;
 $this->session = $session;
- $this->linkDB = $linkDB;
+ $this->bookmarkService = $linkDB;
 $this->token = $token;
 $this->isLoggedIn = $isLoggedIn;
 }
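Review bot: The constructor parameter keeps its old name `$linkDB` and no type declaration while the docblock now calls it a `BookmarkServiceInterface` and the body stores it in `$this->bookmarkService`, so the signature disagrees with both the documentation and the property it feeds. Declaring it as `?BookmarkServiceInterface $linkDB = null` lets PHP reject a leftover `LinkDB` at the call site instead of failing later on a missing `bookmarksCountPerTag()`; renaming it to `$bookmarkService` at the same time only affects named-argument call sites, and the `@param` line would then read ` * @param BookmarkServiceInterface|null $bookmarkService Bookmark service instance (optional).`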
@@ -125,8 +125,8 @@ class PageBuilder
 $this->tpl->assign('language', $this->conf->get('translation.language'));
- if ($this->linkDB !== null) {
- $this->tpl->assign('tags', $this->linkDB->linksCountPerTag());
+ if ($this->bookmarkService !== null) {
+ $this->tpl->assign('tags', $this->bookmarkService->bookmarksCountPerTag());
 }
 $this->tpl->assign(
@@ -141,6 +141,8 @@ class PageBuilder
 unset($_SESSION['warnings']);
 }
+ $this->tpl->assign('formatter', $this->conf->get('formatter', 'default'));
+
 // To be removed with a proper theme configuration.
 $this->tpl->assign('conf', $this->conf);
 }
-- cgit v1.2.3
From 6c50a6ccceecf54850e62c312ab2397b84d89ab4 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sat, 18 Jan 2020 17:50:11 +0100
Subject: Render login page through Slim controller
---
application/render/PageBuilder.php | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
(limited to 'application/render/PageBuilder.php')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index 65e85aaf..f4fefda8 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -199,6 +199,23 @@ class PageBuilder
 $this->tpl->draw($page);
 }
+ /**
+ * Render a specific page as string (using a template file).
+ * e.g. $pb->render('picwall');
+ *
+ * @param string $page Template filename (without extension).
+ *
+ * @return string Processed template content
+ */
+ public function render(string $page): string
+ {
+ if ($this->tpl === false) {
+ $this->initialize();
+ }
+
+ return $this->tpl->draw($page, true);
+ }
+
 /**
 * Render a 404 page (uses the template : tpl/404.tpl)
 * usage: $PAGE->render404('The link was deleted')
-- cgit v1.2.3
From ef00f9d2033f6de11e71bf3a909399cae6f73a9f Mon Sep 17 00:00:00 2001
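Review bot: The new `render()` repeats the lazy-initialize-then-draw sequence of the method that ends just above it in the hunk (its body starts outside the hunk; from the `$this->tpl->draw($page);` tail it appears to be the echoing `renderPage()`), differing only in `draw()`'s second argument. Keeping a single copy stops the two from drifting when more pre-render steps are added later — the echoing variant could become `echo $this->render($page);`, assuming RainTPL's `draw($page, true)` returns exactly the text `draw($page)` would output, which this diff does not show.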
From: ArthurHoaro
Date: Wed, 27 May 2020 13:35:48 +0200
Subject: Process password change controller through Slim
---
application/render/PageBuilder.php | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
(limited to 'application/render/PageBuilder.php')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index f4fefda8..264cd33b 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -7,6 +7,7 @@ use RainTPL;
 use Shaarli\ApplicationUtils;
 use Shaarli\Bookmark\BookmarkServiceInterface;
 use Shaarli\Config\ConfigManager;
+use Shaarli\Security\SessionManager;
 use Shaarli\Thumbnailer;
 /**
@@ -136,17 +137,28 @@ class PageBuilder
 $this->tpl->assign('thumbnails_width', $this->conf->get('thumbnails.width'));
 $this->tpl->assign('thumbnails_height', $this->conf->get('thumbnails.height'));
- if (!empty($_SESSION['warnings'])) {
- $this->tpl->assign('global_warnings', $_SESSION['warnings']);
- unset($_SESSION['warnings']);
- }
-
 $this->tpl->assign('formatter', $this->conf->get('formatter', 'default'));
 // To be removed with a proper theme configuration.
 $this->tpl->assign('conf', $this->conf);
 }
+ protected function finalize(): void
+ {
+ // TODO: use the SessionManager
+ $messageKeys = [
+ SessionManager::KEY_SUCCESS_MESSAGES,
+ SessionManager::KEY_WARNING_MESSAGES,
+ SessionManager::KEY_ERROR_MESSAGES
+ ];
+ foreach ($messageKeys as $messageKey) {
+ if (!empty($_SESSION[$messageKey])) {
+ $this->tpl->assign('global_' . $messageKey, $_SESSION[$messageKey]);
+ unset($_SESSION[$messageKey]);
+ }
+ }
+ }
+
 /**
 * The following assign() method is basically the same as RainTPL (except lazy loading)
 *
@@ -196,6 +208,8 @@ class PageBuilder
 $this->initialize();
 }
+ $this->finalize();
+
 $this->tpl->draw($page);
 }
@@ -213,6 +227,8 @@ class PageBuilder
 $this->initialize();
 }
+ $this->finalize();
+
 return $this->tpl->draw($page, true);
 }
-- cgit v1.2.3
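Review bot: `finalize()` reads and clears the `$_SESSION` superglobal directly even though the class receives a session array in its constructor (`$this->session`), so the object now has two session sources; the `// TODO: use the SessionManager` hints at this but does not say why the superglobal is still needed, and a comment such as `// unset from the live session (not the $this->session copy) so each message is shown once` would. Because each key is unset on first use, the messages are consumed by whichever `renderPage()`/`render()` call runs first in a request (both gain a `finalize()` call in the two hunks below), and a later render in the same request will not see them — worth a one-line comment at the `unset()`. The message values are handed to the template as-is; whether they are escaped on output happens in the templates, which this diff does not show, and since the same session keys are written by controllers it is worth confirming.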
From 66063ed1a18d739b1a60bfb163d8656417a4c529 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sat, 30 May 2020 14:00:06 +0200
Subject: Process configure page through Slim controller
---
application/render/PageBuilder.php | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'application/render/PageBuilder.php')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index 264cd33b..d90ed58b 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -143,6 +143,10 @@ class PageBuilder
 $this->tpl->assign('conf', $this->conf);
 }
+ /**
+ * Affect variable after controller processing.
+ * Used for alert messages.
+ */
 protected function finalize(): void
 {
 // TODO: use the SessionManager
-- cgit v1.2.3
From 818b3193ffabec57501e3bdfa997206e3c0671ef Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sat, 13 Jun 2020 11:22:14 +0200
Subject: Explicitly define base and asset path in templates
With the new routes, all pages are not all at the same folder level anymore (e.g. /shaare and /shaare/123), so we can't just use './' everywhere. The most consistent way to handle this is to prefix all path with the proper variable, and handle the actual path in controllers.
---
application/render/PageBuilder.php | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'application/render/PageBuilder.php')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index d90ed58b..2779eb90 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -149,6 +149,10 @@ class PageBuilder
 */
 protected function finalize(): void
 {
+ //FIXME - DEV _ REMOVE ME
+ $this->assign('base_path', '/Shaarli');
+ $this->assign('asset_path', '/Shaarli/tpl/default');
+
 // TODO: use the SessionManager
 $messageKeys = [
 SessionManager::KEY_SUCCESS_MESSAGES,
-- cgit v1.2.3
From 1a8ac737e52cb25a5c346232ee398f5908cee7d7 Mon Sep 17 00:00:00 2001
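Review bot: The new docblock's `Affect variable after controller processing.` reads as a mistranslation (French "affecter" → assign) and does not say which variables are meant, whereas the body it documents assigns the `global_*` message variables from the session and clears them. ` * Assign template variables that are only known once the controller has run (currently the global success/warning/error messages), then clear them from the session.` states the contract. `finalize()`'s body continues outside the hunk.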
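Review bot: The three lines under `//FIXME - DEV _ REMOVE ME` hard-code `/Shaarli` and `/Shaarli/tpl/default` as `base_path` and `asset_path` for every deployment, so any install under another URL prefix or theme gets broken links and asset URLs from the moment this merges; a development shim should not land in the commit that introduces the variables. If placeholders are unavoidable until the controllers supply the path, derive them from `$this->conf` rather than literals so at least the theme directory follows configuration, and keep the FIXME on the exact line that must go. `finalize()`'s body continues outside the hunk.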
From: ArthurHoaro
Date: Mon, 6 Jul 2020 08:04:35 +0200
Subject: Process main page (linklist) through Slim controller
Including a bunch of improvements on the container, and helper used across new controllers.
---
application/render/PageBuilder.php | 9 +++++++++
1 file changed, 9 insertions(+)
(limited to 'application/render/PageBuilder.php')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index 2779eb90..85e1d59d 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -69,6 +69,15 @@ class PageBuilder
 $this->isLoggedIn = $isLoggedIn;
 }
+ /**
+ * Reset current state of template rendering.
+ * Mostly useful for error handling. We remove everything, and display the error template.
+ */
+ public function reset(): void
+ {
+ $this->tpl = false;
+ }
+
 /**
 * Initialize all default tpl tags.
 */
-- cgit v1.2.3
From fabff3835da26e6c95cea56b2a01a03749dec7c8 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Wed, 22 Jul 2020 18:12:10 +0200
Subject: Move PHP and config init to dedicated file in order to keep index.php as minimal as possible
---
application/render/PageBuilder.php | 20 --------------------
1 file changed, 20 deletions(-)
(limited to 'application/render/PageBuilder.php')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index 85e1d59d..471724c0 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -158,10 +158,6 @@ class PageBuilder
 */
 protected function finalize(): void
 {
- //FIXME - DEV _ REMOVE ME
- $this->assign('base_path', '/Shaarli');
- $this->assign('asset_path', '/Shaarli/tpl/default');
-
 // TODO: use the SessionManager
 $messageKeys = [
 SessionManager::KEY_SUCCESS_MESSAGES,
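Review bot: `reset()`'s docblock says "we remove everything" but does not spell out the mechanism: the body only sets `$this->tpl` back to `false`, which — given the `=== false` checks that precede `initialize()` in the render methods elsewhere in this file — makes the next render call rebuild the template object and silently discards every variable assigned so far. A line such as ` * Drops the current RainTPL instance and all assigned variables; the next render call re-runs initialize().` tells callers they must re-assign anything the error template needs after calling it.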
@@ -248,20 +244,4 @@ class PageBuilder
 return $this->tpl->draw($page, true);
 }
-
- /**
- * Render a 404 page (uses the template : tpl/404.tpl)
- * usage: $PAGE->render404('The link was deleted')
- *
- * @param string $message A message to display what is not found
- */
- public function render404($message = '')
- {
- if (empty($message)) {
- $message = t('The page you are trying to reach does not exist or has been deleted.');
- }
- header($_SERVER['SERVER_PROTOCOL'] . ' ' . t('404 Not Found'));
- $this->tpl->assign('error_message', $message);
- $this->renderPage('404');
- }
 }
-- cgit v1.2.3
From 9fbc42294e7667c5ef19cafa0d1fcfbc1c0f36a9 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sun, 26 Jul 2020 14:43:10 +0200
Subject: New basePath: fix officiel plugin paths and vintage template
---
application/render/PageBuilder.php | 32 ++++++++++++--------------------
1 file changed, 12 insertions(+), 20 deletions(-)
(limited to 'application/render/PageBuilder.php')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index 471724c0..7a716673 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -3,6 +3,7 @@
 namespace Shaarli\Render;
 use Exception;
+use exceptions\MissingBasePathException;
 use RainTPL;
 use Shaarli\ApplicationUtils;
 use Shaarli\Bookmark\BookmarkServiceInterface;
@@ -156,7 +157,7 @@ class PageBuilder
 * Affect variable after controller processing.
 * Used for alert messages.
 */
- protected function finalize(): void
+ protected function finalize(string $basePath): void
 {
 // TODO: use the SessionManager
 $messageKeys = [
@@ -170,6 +171,14 @@ class PageBuilder
 unset($_SESSION[$messageKey]);
 }
 }
+
+ $this->assign('base_path', $basePath);
+ $this->assign(
+ 'asset_path',
+ $basePath . '/' .
+ rtrim($this->conf->get('resource.raintpl_tpl', 'tpl'), '/') . '/' .
+ $this->conf->get('resource.theme', 'default')
+ );
 }
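Review bot: `use exceptions\MissingBasePathException;` is added but nothing in this diff references the class, and the lowercase `exceptions\` namespace does not match the `Shaarli\...` namespaces of the neighbouring imports. If the rest of the file does not use it either the import is dead and should be dropped; if a missing base path is meant to be an error, `finalize()` should actually throw it instead of silently building paths from whatever it received. The `use` block continues outside the hunk.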
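Review bot: The `asset_path` concatenation in `finalize()` trims a trailing slash from `resource.raintpl_tpl` but not from `$basePath`, so a base path of `/` or `/Shaarli/` produces `//tpl/default`-style URLs while `base_path` itself is assigned untouched; normalising once at the top, `$basePath = rtrim($basePath, '/');`, keeps both assignments consistent. Both values go into the template as-is and `$basePath` is supplied by the caller (see the `render()` signature change in this commit), so the templates should treat it as an attribute value to escape unless the controllers guarantee a fixed set of values — not visible here.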
@@ -209,23 +218,6 @@ class PageBuilder
 return true;
 }
- /**
- * Render a specific page (using a template file).
- * e.g. $pb->renderPage('picwall');
- *
- * @param string $page Template filename (without extension).
- */
- public function renderPage($page)
- {
- if ($this->tpl === false) {
- $this->initialize();
- }
-
- $this->finalize();
-
- $this->tpl->draw($page);
- }
-
 /**
 * Render a specific page as string (using a template file).
 * e.g. $pb->render('picwall');
@@ -234,13 +226,13 @@ class PageBuilder
 *
 * @return string Processed template content
 */
- public function render(string $page): string
+ public function render(string $page, string $basePath): string
 {
 if ($this->tpl === false) {
 $this->initialize();
 }
- $this->finalize();
+ $this->finalize($basePath);
 return $this->tpl->draw($page, true);
 }
-- cgit v1.2.3
From 816ffba74b8bebffc620af50994833d783207a50 Mon Sep 17 00:00:00 2001
From: Keith Carangelo
Date: Sat, 29 Aug 2020 11:02:59 -0400
Subject: Added $links_per_page variable to template and display on default
---
application/render/PageBuilder.php | 2 ++
1 file changed, 2 insertions(+)
(limited to 'application/render/PageBuilder.php')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index 7a716673..21703639 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -149,6 +149,8 @@ class PageBuilder
 $this->tpl->assign('formatter', $this->conf->get('formatter', 'default'));
+ $this->tpl->assign('links_per_page', $_SESSION['LINKS_PER_PAGE']);
+
 // To be removed with a proper theme configuration.
 $this->tpl->assign('conf', $this->conf);
 }
-- cgit v1.2.3
From 4479aff18f4ff80e274b52548c08e9ed9379bd51 Mon Sep 17 00:00:00 2001
From: Keith Carangelo
Date: Mon, 31 Aug 2020 09:20:03 -0400
Subject: Avoid using global variables
Co-authored-by: ArthurHoaro
---
application/render/PageBuilder.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'application/render/PageBuilder.php')
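Review bot: `render()` gains a `string $basePath` parameter but its docblock, which the hunk shows ending at `@return string Processed template content`, receives no `@param` for it, and the `e.g. $pb->render('picwall');` example visible in the context of the preceding hunk is now a call that would fail on the missing argument. Add ` * @param string $basePath Base path injected into the template as `base_path` and used to build `asset_path`.` and give the example a second argument; the start of the docblock lies between the two hunks.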
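Review bot: `$this->tpl->assign('links_per_page', $_SESSION['LINKS_PER_PAGE']);` reads the key without checking that it exists, so a session that does not carry `LINKS_PER_PAGE` (the code that sets it is not in this diff) raises an undefined-index notice and assigns `null` to the template; the follow-up hunk that switches to `$this->session['LINKS_PER_PAGE']` keeps the same gap. A null-coalescing default, `$this->session['LINKS_PER_PAGE'] ?? <configured default>`, taken from the links-per-page setting whose config key is not visible here, avoids the notice.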
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index 21703639..c52e3b76 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -149,7 +149,7 @@ class PageBuilder
 $this->tpl->assign('formatter', $this->conf->get('formatter', 'default'));
- $this->tpl->assign('links_per_page', $_SESSION['LINKS_PER_PAGE']);
+ $this->tpl->assign('links_per_page', $this->session['LINKS_PER_PAGE']);
 // To be removed with a proper theme configuration.
 $this->tpl->assign('conf', $this->conf);
-- cgit v1.2.3
From 72fbbcd6794facea2cf06d9742359d190257b00f Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Tue, 6 Oct 2020 17:30:18 +0200
Subject: Security: fix multiple XSS vulnerabilities + fix search tags with special chars
XSS vulnerabilities fixed in editlink, linklist, tag.cloud and tag.list. Also fixed tag search with special characters: urlencode function needs to be applied on raw data, before espaping, otherwise the rendered URL is wrong.
---
application/render/PageBuilder.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'application/render/PageBuilder.php')
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index c52e3b76..41b357dd 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -137,7 +137,7 @@ class PageBuilder
 $this->tpl->assign('language', $this->conf->get('translation.language'));
 if ($this->bookmarkService !== null) {
- $this->tpl->assign('tags', $this->bookmarkService->bookmarksCountPerTag());
+ $this->tpl->assign('tags', escape($this->bookmarkService->bookmarksCountPerTag()));
 }
 $this->tpl->assign(
-- cgit v1.2.3
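Review bot: `escape()` is now wrapped around the whole result of `bookmarksCountPerTag()`, which is presumably an array keyed by tag name with counts as values; the XSS fix therefore relies on `escape()` escaping array keys and not only values, because the tag names — the user-controlled part — are the keys. `escape()` is not in this diff, so that behaviour should be confirmed, and a comment on the new line, `// escape() must cover array keys: the tag names are the keys here`, records the dependency for whoever next touches either function. Since `tags` is now pre-escaped at assignment, templates that render it must not escape it a second time, or tag names containing `&` will display double-encoded.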