From bfe4f536bbfe03f38e0c801bfbd26587a2b64a7f Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sun, 1 Oct 2017 11:02:48 +0200
Subject: Add a version hash for asset loading to prevent browser's cache issue
The hash is generated using the same salt as the one used for credentials (1 salt per instance) in order to avoid exposing the instance version.
Fixes #965
---
application/ApplicationUtils.php | 15 +++++++++++++++
application/PageBuilder.php | 5 +++++
2 files changed, 20 insertions(+)
(limited to 'application')
diff --git a/application/ApplicationUtils.php b/application/ApplicationUtils.php
index 85dcbeeb..20fec376 100644
--- a/application/ApplicationUtils.php
+++ b/application/ApplicationUtils.php
@@ -220,4 +220,19 @@ class ApplicationUtils
 return $errors;
 }
+
+ /**
+ * Returns a salted hash representing the current Shaarli version.
+ *
+ * Useful for assets browser cache.
+ *
+ * @param string $currentVersion of Shaarli
+ * @param string $salt User personal salt, also used for the authentication
+ *
+ * @return string version hash
+ */
+ public static function getVersionHash($currentVersion, $salt)
+ {
+ return hash_hmac('sha256', $currentVersion, $salt);
+ }
 }
diff --git a/application/PageBuilder.php b/application/PageBuilder.php
index 7a42400d..c91b662c 100644
--- a/application/PageBuilder.php
+++ b/application/PageBuilder.php
@@ -76,6 +76,10 @@ class PageBuilder
 $this->tpl->assign('searchcrits', $searchcrits);
 $this->tpl->assign('source', index_url($_SERVER));
 $this->tpl->assign('version', shaarli_version);
+ $this->tpl->assign(
+ 'version_hash',
+ ApplicationUtils::getVersionHash(SHAARLI_VERSION, $this->conf->get('credentials.salt'))
+ );
 $this->tpl->assign('scripturl', index_url($_SERVER));
 $this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links?
 $this->tpl->assign('untaggedonly', !empty($_SESSION['untaggedonly']));
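Review bot: getVersionHash() does not reject an empty or null `$salt`, and with an empty key the HMAC is a fixed function of the version string, so the value published in asset URLs would identify the version the commit message wants to hide. The call added in PageBuilder.php passes `$this->conf->get('credentials.salt')` with no default, so whether the salt can be missing depends on configuration code outside this diff. A guard at the top of the method, such as `if (!is_string($salt) || $salt === '') { throw new \InvalidArgumentException('A non-empty salt is required'); }`, would make that case explicit instead of silently hashing with no key. Because the docblock says the same salt is used for authentication, the docblock should also state that this digest is public and that the scheme relies on the salt being high-entropy; how the salt is generated is not visible here.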
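Review bot: The added call reads the constant `SHAARLI_VERSION`, while the unchanged line directly above it assigns `shaarli_version` in lower case. PHP constants are case-sensitive unless defined otherwise, and the definition is outside this diff, so if only the lower-case name exists the new argument is not the real version: PHP 7 falls back to the literal string with a notice or warning, PHP 8 throws an Error, and in the first case the hash would never change between releases. Please confirm which name is defined and use one spelling in both lines, e.g. `ApplicationUtils::getVersionHash(shaarli_version, $this->conf->get('credentials.salt'))` if the lower-case constant is the defined one. The enclosing method starts and ends outside the hunk.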
@@ -89,6 +93,7 @@ class PageBuilder
 $this->tpl->assign('feed_type', $this->conf->get('feed.show_atom', true) !== false ? 'atom' : 'rss');
 $this->tpl->assign('hide_timestamps', $this->conf->get('privacy.hide_timestamps', false));
 $this->tpl->assign('token', getToken($this->conf));
+
 if ($this->linkDB !== null) {
 $this->tpl->assign('tags', $this->linkDB->linksCountPerTag());
 }
--
cgit v1.2.3