From 9d4736a3e95332198896f97ecc8a83abb0cbe85b Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sat, 16 Dec 2017 12:36:59 +0100 Subject: Add a filter to only display public links When the key filter is clicked once, it only displays private link. When it is clicked on again, it becomes red and only public links are displayed. Another click and all links are displayed. The current visibility status is shown in the search banner Fixes #1030 --- index.php | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 9d5f25ea..60ac24ac 100644 --- a/index.php +++ b/index.php @@ -282,7 +282,7 @@ function logout() { unset($_SESSION['uid']); unset($_SESSION['ip']); unset($_SESSION['username']); - unset($_SESSION['privateonly']); + unset($_SESSION['visibility']); unset($_SESSION['untaggedonly']); } setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); @@ -800,7 +800,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager) // -------- Tag cloud if ($targetPage == Router::$PAGE_TAGCLOUD) { - $visibility = ! empty($_SESSION['privateonly']) ? 'private' : 'all'; + $visibility = ! empty($_SESSION['visibility']) ? $_SESSION['visibility'] : ''; $filteringTags = isset($_GET['searchtags']) ? explode(' ', $_GET['searchtags']) : []; $tags = $LINKSDB->linksCountPerTag($filteringTags, $visibility); @@ -845,7 +845,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager) // -------- Tag list if ($targetPage == Router::$PAGE_TAGLIST) { - $visibility = ! empty($_SESSION['privateonly']) ? 'private' : 'all'; + $visibility = ! empty($_SESSION['visibility']) ? $_SESSION['visibility'] : ''; $filteringTags = isset($_GET['searchtags']) ? explode(' ', $_GET['searchtags']) : []; $tags = $LINKSDB->linksCountPerTag($filteringTags, $visibility); foreach ($filteringTags as $tag) { @@ -1011,15 +1011,16 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager) } // -------- User wants to see only private links (toggle) - if (isset($_GET['privateonly'])) { - if (empty($_SESSION['privateonly'])) { - $_SESSION['privateonly'] = 1; // See only private links - } else { - unset($_SESSION['privateonly']); // See all links + if (isset($_GET['visibility'])) { + unset($_SESSION['visibility']); + if ($_GET['visibility'] === 'private') { + $_SESSION['visibility'] = 'private'; // See only private links + } else if ($_GET['visibility'] === 'public') { + $_SESSION['visibility'] = 'public'; // See only public links } if (! empty($_SERVER['HTTP_REFERER'])) { - $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('privateonly')); + $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('visibility')); } else { $location = '?'; } @@ -1667,7 +1668,7 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager) } } else { // Filter links according search parameters. - $visibility = ! empty($_SESSION['privateonly']) ? 'private' : 'all'; + $visibility = ! empty($_SESSION['visibility']) ? $_SESSION['visibility'] : ''; $request = [ 'searchtags' => $searchtags, 'searchterm' => $searchterm, @@ -1743,7 +1744,7 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager) 'result_count' => count($linksToDisplay), 'search_term' => $searchterm, 'search_tags' => $searchtags, - 'visibility' => ! empty($_SESSION['privateonly']) ? 'private' : '', + 'visibility' => ! empty($_SESSION['visibility']) ? $_SESSION['visibility'] : '', 'redirector' => $conf->get('redirector.url'), // Optional redirector URL. 'links' => $linkDisp, ); -- cgit v1.2.3 From d2f6d909e529898c43b32defb890ec8e2d6b72f5 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Wed, 24 Jan 2018 18:46:31 +0100 Subject: Public/private filter: use two separate buttons #1038 --- index.php | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 60ac24ac..8770b669 100644 --- a/index.php +++ b/index.php @@ -1012,11 +1012,21 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager) // -------- User wants to see only private links (toggle) if (isset($_GET['visibility'])) { - unset($_SESSION['visibility']); if ($_GET['visibility'] === 'private') { - $_SESSION['visibility'] = 'private'; // See only private links + // Visibility not set or not already private, set private, otherwise reset it + if (empty($_SESSION['visibility']) || $_SESSION['visibility'] !== 'private') { + // See only private links + $_SESSION['visibility'] = 'private'; + } else { + unset($_SESSION['visibility']); + } } else if ($_GET['visibility'] === 'public') { - $_SESSION['visibility'] = 'public'; // See only public links + if (empty($_SESSION['visibility']) || $_SESSION['visibility'] !== 'public') { + // See only public links + $_SESSION['visibility'] = 'public'; + } else { + unset($_SESSION['visibility']); + } } if (! empty($_SERVER['HTTP_REFERER'])) { -- cgit v1.2.3 From 50142efd1b4b826f60b1e5673dba5ccbe26e0108 Mon Sep 17 00:00:00 2001 From: kalvn Date: Thu, 1 Feb 2018 13:16:58 +0100 Subject: Executes daily hooks before creating columns. --- index.php | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index d57789e6..ae0ce8f0 100644 --- a/index.php +++ b/index.php @@ -611,6 +611,20 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager) $linksToDisplay[$key]['timestamp'] = $link['created']->getTimestamp(); } + $dayDate = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $day.'_000000'); + $data = array( + 'pagetitle' => $conf->get('general.title') .' - '. format_date($dayDate, false), + 'linksToDisplay' => $linksToDisplay, + 'day' => $dayDate->getTimestamp(), + 'dayDate' => $dayDate, + 'previousday' => $previousday, + 'nextday' => $nextday, + ); + + /* Hook is called before column construction so that plugins don't have + to deal with columns. */ + $pluginManager->executeHooks('render_daily', $data, array('loggedin' => isLoggedIn())); + /* We need to spread the articles on 3 columns. I did not want to use a JavaScript lib like http://masonry.desandro.com/ so I manually spread entries with a simple method: I roughly evaluate the @@ -618,7 +632,7 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager) */ $columns = array(array(), array(), array()); // Entries to display, for each column. $fill = array(0, 0, 0); // Rough estimate of columns fill. - foreach($linksToDisplay as $key => $link) { + foreach($data['linksToDisplay'] as $key => $link) { // Roughly estimate length of entry (by counting characters) // Title: 30 chars = 1 line. 1 line is 30 pixels height. // Description: 836 characters gives roughly 342 pixel height. @@ -634,18 +648,7 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager) $fill[$index] += $length; } - $dayDate = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $day.'_000000'); - $data = array( - 'pagetitle' => $conf->get('general.title') .' - '. format_date($dayDate, false), - 'linksToDisplay' => $linksToDisplay, - 'cols' => $columns, - 'day' => $dayDate->getTimestamp(), - 'dayDate' => $dayDate, - 'previousday' => $previousday, - 'nextday' => $nextday, - ); - - $pluginManager->executeHooks('render_daily', $data, array('loggedin' => isLoggedIn())); + $data['cols'] = $columns; foreach ($data as $key => $value) { $pageBuilder->assign($key, $value); -- cgit v1.2.3 From 44acf706812bc77812e6648c2cc28af36e172a14 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Wed, 25 Oct 2017 23:03:31 +0200 Subject: Refactor login / ban authentication steps Relates to https://github.com/shaarli/Shaarli/issues/324 Added: - Add the `LoginManager` class to manage logins and bans Changed: - Refactor IP ban management - Simplify logic - Avoid using globals, inject dependencies Fixed: - Use `ban_duration` instead of `ban_after` when setting a new ban Signed-off-by: VirtualTam --- index.php | 116 +++++++++----------------------------------------------------- 1 file changed, 16 insertions(+), 100 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 067b8fcb..91c3f07e 100644 --- a/index.php +++ b/index.php @@ -78,6 +78,7 @@ require_once 'application/Updater.php'; use \Shaarli\Languages; use \Shaarli\ThemeUtils; use \Shaarli\Config\ConfigManager; +use \Shaarli\LoginManager; use \Shaarli\SessionManager; // Ensure the PHP version is supported @@ -122,6 +123,7 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) } $conf = new ConfigManager(); +$loginManager = new LoginManager($GLOBALS, $conf); $sessionManager = new SessionManager($_SESSION, $conf); // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. @@ -293,108 +295,22 @@ function logout() { setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); } - -// ------------------------------------------------------------------------------------------ -// Brute force protection system -// Several consecutive failed logins will ban the IP address for 30 minutes. -if (!is_file($conf->get('resource.ban_file', 'data/ipbans.php'))) { - // FIXME! globals - file_put_contents( - $conf->get('resource.ban_file', 'data/ipbans.php'), - "array(),'BANS'=>array()),true).";\n?>" - ); -} -include $conf->get('resource.ban_file', 'data/ipbans.php'); -/** - * Signal a failed login. Will ban the IP if too many failures: - * - * @param ConfigManager $conf Configuration Manager instance. - */ -function ban_loginFailed($conf) -{ - $ip = $_SERVER['REMOTE_ADDR']; - $trusted = $conf->get('security.trusted_proxies', array()); - if (in_array($ip, $trusted)) { - $ip = getIpAddressFromProxy($_SERVER, $trusted); - if (!$ip) { - return; - } - } - $gb = $GLOBALS['IPBANS']; - if (! isset($gb['FAILURES'][$ip])) { - $gb['FAILURES'][$ip]=0; - } - $gb['FAILURES'][$ip]++; - if ($gb['FAILURES'][$ip] > ($conf->get('security.ban_after') - 1)) - { - $gb['BANS'][$ip] = time() + $conf->get('security.ban_after', 1800); - logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'IP address banned from login'); - } - $GLOBALS['IPBANS'] = $gb; - file_put_contents( - $conf->get('resource.ban_file', 'data/ipbans.php'), - "" - ); -} - -/** - * Signals a successful login. Resets failed login counter. - * - * @param ConfigManager $conf Configuration Manager instance. - */ -function ban_loginOk($conf) -{ - $ip = $_SERVER['REMOTE_ADDR']; - $gb = $GLOBALS['IPBANS']; - unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]); - $GLOBALS['IPBANS'] = $gb; - file_put_contents( - $conf->get('resource.ban_file', 'data/ipbans.php'), - "" - ); -} - -/** - * Checks if the user CAN login. If 'true', the user can try to login. - * - * @param ConfigManager $conf Configuration Manager instance. - * - * @return bool: true if the user is allowed to login. - */ -function ban_canLogin($conf) -{ - $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS']; - if (isset($gb['BANS'][$ip])) - { - // User is banned. Check if the ban has expired: - if ($gb['BANS'][$ip]<=time()) - { // Ban expired, user can try to login again. - logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Ban lifted.'); - unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]); - file_put_contents( - $conf->get('resource.ban_file', 'data/ipbans.php'), - "" - ); - return true; // Ban has expired, user can login. - } - return false; // User is banned. - } - return true; // User is not banned. -} - // ------------------------------------------------------------------------------------------ // Process login form: Check if login/password is correct. if (isset($_POST['login'])) { - if (!ban_canLogin($conf)) die(t('I said: NO. You are banned for the moment. Go away.')); + if (! $loginManager->canLogin($_SERVER)) { + die(t('I said: NO. You are banned for the moment. Go away.')); + } if (isset($_POST['password']) && $sessionManager->checkToken($_POST['token']) && (check_auth($_POST['login'], $_POST['password'], $conf)) - ) { // Login/password is OK. - ban_loginOk($conf); + ) { + // Login/password is OK. + $loginManager->handleSuccessfulLogin($_SERVER); + // If user wants to keep the session cookie even after the browser closes: - if (!empty($_POST['longlastingsession'])) - { + if (!empty($_POST['longlastingsession'])) { $_SESSION['longlastingsession'] = 31536000; // (31536000 seconds = 1 year) $expiration = time() + $_SESSION['longlastingsession']; // calculate relative cookie expiration (1 year from now) setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, $expiration, WEB_PATH); @@ -437,10 +353,8 @@ if (isset($_POST['login'])) } } header('Location: ?'); exit; - } - else - { - ban_loginFailed($conf); + } else { + $loginManager->handleFailedLogin($_SERVER); $redir = '&username='. urlencode($_POST['login']); if (isset($_GET['post'])) { $redir .= '&post=' . urlencode($_GET['post']); @@ -684,8 +598,9 @@ function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) { * @param LinkDB $LINKSDB * @param History $history instance * @param SessionManager $sessionManager SessionManager instance + * @param LoginManager $loginManager LoginManager instance */ -function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager) +function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $loginManager) { $updater = new Updater( read_updates_file($conf->get('resource.updates')), @@ -761,6 +676,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager) $PAGE->assign('returnurl',(isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']):'')); // add default state of the 'remember me' checkbox $PAGE->assign('remember_user_default', $conf->get('privacy.remember_user_default')); + $PAGE->assign('user_can_login', $loginManager->canLogin($_SERVER)); $PAGE->renderPage('loginform'); exit; } @@ -2330,7 +2246,7 @@ $response = $app->run(true); if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) { // We use UTF-8 for proper international characters handling. header('Content-Type: text/html; charset=utf-8'); - renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager); + renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager); } else { $app->respond($response); } -- cgit v1.2.3 From 980efd6cf895536a69ed679573d9be826776daa5 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Wed, 24 Jan 2018 19:38:03 +0100 Subject: Use a specific page title in all pages Also fixed a few French translation issues Fixes #954 #955 --- index.php | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 91c3f07e..bd34c0cd 100644 --- a/index.php +++ b/index.php @@ -573,6 +573,7 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager) $pageBuilder->assign($key, $value); } + $pageBuilder->assign('pagetitle', t('Daily') .' - '. $conf->get('general.title', 'Shaarli')); $pageBuilder->renderPage('daily'); exit; } @@ -677,6 +678,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // add default state of the 'remember me' checkbox $PAGE->assign('remember_user_default', $conf->get('privacy.remember_user_default')); $PAGE->assign('user_can_login', $loginManager->canLogin($_SERVER)); + $PAGE->assign('pagetitle', t('Login') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('loginform'); exit; } @@ -717,6 +719,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign($key, $value); } + $PAGE->assign('pagetitle', t('Picture wall') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('picwall'); exit; } @@ -752,8 +755,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, ); } + $searchTags = implode(' ', escape($filteringTags)); $data = array( - 'search_tags' => implode(' ', escape($filteringTags)), + 'search_tags' => $searchTags, 'tags' => $tagList, ); $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); @@ -762,6 +766,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign($key, $value); } + $searchTags = ! empty($searchTags) ? $searchTags .' - ' : ''; + $PAGE->assign('pagetitle', $searchTags. t('Tag cloud') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('tag.cloud'); exit; } @@ -782,8 +788,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, alphabetical_sort($tags, false, true); } + $searchTags = implode(' ', escape($filteringTags)); $data = [ - 'search_tags' => implode(' ', escape($filteringTags)), + 'search_tags' => $searchTags, 'tags' => $tags, ]; $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); @@ -792,6 +799,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign($key, $value); } + $searchTags = ! empty($searchTags) ? $searchTags .' - ' : ''; + $PAGE->assign('pagetitle', $searchTags . t('Tag list') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('tag.list'); exit; } @@ -1016,6 +1025,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign($key, $value); } + $PAGE->assign('pagetitle', t('Tools') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('tools'); exit; } @@ -1059,6 +1069,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } else // show the change password form. { + $PAGE->assign('pagetitle', t('Change password') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('changepassword'); exit; } @@ -1131,6 +1142,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign('api_secret', $conf->get('api.secret')); $PAGE->assign('languages', Languages::getAvailableLanguages()); $PAGE->assign('language', $conf->get('translation.language')); + $PAGE->assign('pagetitle', t('Configure') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('configure'); exit; } @@ -1141,6 +1153,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, { if (empty($_POST['fromtag']) || (empty($_POST['totag']) && isset($_POST['renametag']))) { $PAGE->assign('fromtag', ! empty($_GET['fromtag']) ? escape($_GET['fromtag']) : ''); + $PAGE->assign('pagetitle', t('Manage tags') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('changetag'); exit; } @@ -1167,6 +1180,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // -------- User wants to add a link without using the bookmarklet: Show form. if ($targetPage == Router::$PAGE_ADDLINK) { + $PAGE->assign('pagetitle', t('Shaare a new link') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('addlink'); exit; } @@ -1336,6 +1350,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign($key, $value); } + $PAGE->assign('pagetitle', t('Edit') .' '. t('Shaare') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('editlink'); exit; } @@ -1400,6 +1415,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign($key, $value); } + $PAGE->assign('pagetitle', t('Shaare') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('editlink'); exit; } @@ -1408,6 +1424,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // Export links as a Netscape Bookmarks file if (empty($_GET['selection'])) { + $PAGE->assign('pagetitle', t('Export') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('export'); exit; } @@ -1469,6 +1486,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, true ) ); + $PAGE->assign('pagetitle', t('Import') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('import'); exit; } @@ -1517,6 +1535,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign('enabledPlugins', $enabledPlugins); $PAGE->assign('disabledPlugins', $disabledPlugins); + $PAGE->assign('pagetitle', t('Plugin administration') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('pluginsadmin'); exit; } @@ -1680,6 +1699,16 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager) // If there is only a single link, we change on-the-fly the title of the page. if (count($linksToDisplay) == 1) { $data['pagetitle'] = $linksToDisplay[$keys[0]]['title'] .' - '. $conf->get('general.title'); + } elseif (! empty($searchterm) || ! empty($searchtags)) { + $data['pagetitle'] = t('Search: '); + $data['pagetitle'] .= ! empty($searchterm) ? $searchterm .' ' : ''; + $bracketWrap = function ($tag) { + return '['. $tag .']'; + }; + $data['pagetitle'] .= ! empty($searchtags) + ? implode(' ', array_map($bracketWrap, preg_split('/\s+/', $searchtags))).' ' + : ''; + $data['pagetitle'] .= '- '. $conf->get('general.title'); } $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => isLoggedIn())); -- cgit v1.2.3 From d2d4f993e1e76bc68b65c48cb18476c404c97a41 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Wed, 28 Feb 2018 22:34:40 +0100 Subject: PSR: use elseif instead of else if See https://www.php-fig.org/psr/psr-2/\#51-if-elseif-else --- index.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index bd34c0cd..3b8b52a7 100644 --- a/index.php +++ b/index.php @@ -887,7 +887,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, if (empty($params['searchtags'])) { $params['searchtags'] = trim($_GET['addtag']); } - else if ($addtag) { + elseif ($addtag) { $params['searchtags'] = trim($params['searchtags']).' '.trim($_GET['addtag']); } @@ -953,7 +953,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } else { unset($_SESSION['visibility']); } - } else if ($_GET['visibility'] === 'public') { + } elseif ($_GET['visibility'] === 'public') { if (empty($_SESSION['visibility']) || $_SESSION['visibility'] !== 'public') { // See only public links $_SESSION['visibility'] = 'public'; -- cgit v1.2.3 From 4ff3ed1c47365d5b28f70cb2921b0ac0075612c3 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Wed, 28 Feb 2018 22:29:43 +0100 Subject: Make max download size and timeout configurable Fixes #1061 --- index.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index bd34c0cd..f7722433 100644 --- a/index.php +++ b/index.php @@ -1376,7 +1376,12 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) { // Short timeout to keep the application responsive // The callback will fill $charset and $title with data from the downloaded page. - get_http_response($url, 25, 4194304, get_curl_download_callback($charset, $title)); + get_http_response( + $url, + $conf->get('general.download_max_size', 4194304), + $conf->get('general.download_timeout', 30), + get_curl_download_callback($charset, $title) + ); if (! empty($title) && strtolower($charset) != 'utf-8') { $title = mb_convert_encoding($title, 'utf-8', $charset); } -- cgit v1.2.3 From 15410df1131c10b835ca69a7cbf1f0119b1da374 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Tue, 13 Mar 2018 18:11:58 +0100 Subject: Fix warning when trying to save redictor setting from the configure page It has been removed from the web page. Fixes #1099 --- index.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index f7f87d95..dbc2bb3b 100644 --- a/index.php +++ b/index.php @@ -1093,7 +1093,6 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $conf->set('general.title', escape($_POST['title'])); $conf->set('general.header_link', escape($_POST['titleLink'])); $conf->set('resource.theme', escape($_POST['theme'])); - $conf->set('redirector.url', escape($_POST['redirector'])); $conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection'])); $conf->set('privacy.default_private_links', !empty($_POST['privateLinkByDefault'])); $conf->set('feed.rss_permalinks', !empty($_POST['enableRssPermalinks'])); @@ -1126,7 +1125,6 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign('title', $conf->get('general.title')); $PAGE->assign('theme', $conf->get('resource.theme')); $PAGE->assign('theme_available', ThemeUtils::getThemes($conf->get('resource.raintpl_tpl'))); - $PAGE->assign('redirector', $conf->get('redirector.url')); list($continents, $cities) = generateTimeZoneData( timezone_identifiers_list(), $conf->get('general.timezone') -- cgit v1.2.3 From 8d2cac1be604accc884b4535788b3cae32b9b4d4 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Tue, 1 May 2018 16:40:08 +0200 Subject: Fix parameter order which was preventing max_dl parameter to work properly --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index dbc2bb3b..2fe3f821 100644 --- a/index.php +++ b/index.php @@ -1376,8 +1376,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // The callback will fill $charset and $title with data from the downloaded page. get_http_response( $url, - $conf->get('general.download_max_size', 4194304), $conf->get('general.download_timeout', 30), + $conf->get('general.download_max_size', 4194304), get_curl_download_callback($charset, $title) ); if (! empty($title) && strtolower($charset) != 'utf-8') { -- cgit v1.2.3 From 88110550b89617dcda16441212599b8a40faa20c Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Fri, 16 Feb 2018 21:51:44 +0100 Subject: Refactor client session hijacking protection Signed-off-by: VirtualTam --- index.php | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 2fe3f821..08a69327 100644 --- a/index.php +++ b/index.php @@ -207,7 +207,7 @@ function setup_login_state($conf) } // If session does not exist on server side, or IP address has changed, or session has expired, logout. if (empty($_SESSION['uid']) - || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != allIPs()) + || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != client_ip_id($_SERVER)) || time() >= $_SESSION['expires_on']) { logout(); @@ -231,16 +231,6 @@ $userIsLoggedIn = setup_login_state($conf); // ------------------------------------------------------------------------------------------ // Session management -// Returns the IP address of the client (Used to prevent session cookie hijacking.) -function allIPs() -{ - $ip = $_SERVER['REMOTE_ADDR']; - // Then we use more HTTP headers to prevent session hijacking from users behind the same proxy. - if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$ip.'_'.$_SERVER['HTTP_X_FORWARDED_FOR']; } - if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip=$ip.'_'.$_SERVER['HTTP_CLIENT_IP']; } - return $ip; -} - /** * Load user session. * @@ -249,7 +239,7 @@ function allIPs() function fillSessionInfo($conf) { $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid) - $_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked. + $_SESSION['ip'] = client_ip_id($_SERVER); $_SESSION['username']= $conf->get('credentials.login'); $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration. } -- cgit v1.2.3 From db45a36a53dbd722e5e891827e49d9e7651f2a5e Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Fri, 16 Feb 2018 22:21:59 +0100 Subject: Refactor SessionManager::$INACTIVITY_TIMEOUT Changed: - move INACTIVITY_TIMEOUT to SessionManager - inject a dependency to a SessionManager instance in: - fillSessionInfo() - setup_login_state() - check_auth() - cleanup related code and comments Signed-off-by: VirtualTam --- index.php | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 08a69327..9cbc9241 100644 --- a/index.php +++ b/index.php @@ -101,8 +101,6 @@ if (dirname($_SERVER['SCRIPT_NAME']) != '/') { // Set default cookie expiration and path. session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']); // Set session parameters on server side. -// If the user does not access any page within this time, his/her session is considered expired. -define('INACTIVITY_TIMEOUT', 3600); // in seconds. // Use cookies to store session. ini_set('session.use_cookies', 1); // Force cookies for session (phpsessionID forbidden in URL). @@ -183,11 +181,12 @@ define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['R /** * Checking session state (i.e. is the user still logged in) * - * @param ConfigManager $conf The configuration manager. + * @param ConfigManager $conf Configuration Manager instance. + * @param SessionManager $sessionManager SessionManager instance * - * @return bool: true if the user is logged in, false otherwise. + * @return bool true if the user is logged in, false otherwise. */ -function setup_login_state($conf) +function setup_login_state($conf, $sessionManager) { if ($conf->get('security.open_shaarli')) { return true; @@ -202,7 +201,7 @@ function setup_login_state($conf) $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN && !$loginFailure) { - fillSessionInfo($conf); + fillSessionInfo($conf, $sessionManager); $userIsLoggedIn = true; } // If session does not exist on server side, or IP address has changed, or session has expired, logout. @@ -216,9 +215,8 @@ function setup_login_state($conf) } if (!empty($_SESSION['longlastingsession'])) { $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. - } - else { - $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Standard session expiration date. + } else { + $_SESSION['expires_on'] = time() + $sessionManager::$INACTIVITY_TIMEOUT; } if (!$loginFailure) { $userIsLoggedIn = true; @@ -226,39 +224,42 @@ function setup_login_state($conf) return $userIsLoggedIn; } -$userIsLoggedIn = setup_login_state($conf); + +$userIsLoggedIn = setup_login_state($conf, $sessionManager); // ------------------------------------------------------------------------------------------ // Session management /** - * Load user session. + * Load user session * - * @param ConfigManager $conf Configuration Manager instance. + * @param ConfigManager $conf Configuration Manager instance. + * @param SessionManager $sessionManager SessionManager instance */ -function fillSessionInfo($conf) +function fillSessionInfo($conf, $sessionManager) { $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid) $_SESSION['ip'] = client_ip_id($_SERVER); $_SESSION['username']= $conf->get('credentials.login'); - $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration. + $_SESSION['expires_on'] = time() + $sessionManager::$INACTIVITY_TIMEOUT; } /** * Check that user/password is correct. * - * @param string $login Username - * @param string $password User password - * @param ConfigManager $conf Configuration Manager instance. + * @param string $login Username + * @param string $password User password + * @param ConfigManager $conf Configuration Manager instance. + * @param SessionManager $sessionManager SessionManager instance * * @return bool: authentication successful or not. */ -function check_auth($login, $password, $conf) +function check_auth($login, $password, $conf, $sessionManager) { $hash = sha1($password . $login . $conf->get('credentials.salt')); - if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash')) - { // Login/password is correct. - fillSessionInfo($conf); + if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash')) { + // Login/password is correct. + fillSessionInfo($conf, $sessionManager); logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login successful'); return true; } @@ -287,14 +288,13 @@ function logout() { // ------------------------------------------------------------------------------------------ // Process login form: Check if login/password is correct. -if (isset($_POST['login'])) -{ +if (isset($_POST['login'])) { if (! $loginManager->canLogin($_SERVER)) { die(t('I said: NO. You are banned for the moment. Go away.')); } if (isset($_POST['password']) && $sessionManager->checkToken($_POST['token']) - && (check_auth($_POST['login'], $_POST['password'], $conf)) + && (check_auth($_POST['login'], $_POST['password'], $conf, $sessionManager)) ) { // Login/password is OK. $loginManager->handleSuccessfulLogin($_SERVER); -- cgit v1.2.3 From 49f183231662c642ca9df6ceabf43fe128a5ffc1 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sat, 17 Feb 2018 01:14:58 +0100 Subject: Refactor PHP session handling during login/logout Changed: - move $_SESSION handling to SessionManager - code cleanup Signed-off-by: VirtualTam --- index.php | 49 +++++++++++++------------------------------------ 1 file changed, 13 insertions(+), 36 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 9cbc9241..34785209 100644 --- a/index.php +++ b/index.php @@ -197,11 +197,11 @@ function setup_login_state($conf, $sessionManager) $userIsLoggedIn = false; // Shaarli is not configured yet. $loginFailure = true; } - if (isset($_COOKIE['shaarli_staySignedIn']) && - $_COOKIE['shaarli_staySignedIn']===STAY_SIGNED_IN_TOKEN && - !$loginFailure) - { - fillSessionInfo($conf, $sessionManager); + if (isset($_COOKIE[SessionManager::$LOGGED_IN_COOKIE]) + && $_COOKIE[SessionManager::$LOGGED_IN_COOKIE] === STAY_SIGNED_IN_TOKEN + && !$loginFailure + ) { + $sessionManager->storeLoginInfo($_SERVER); $userIsLoggedIn = true; } // If session does not exist on server side, or IP address has changed, or session has expired, logout. @@ -209,7 +209,7 @@ function setup_login_state($conf, $sessionManager) || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != client_ip_id($_SERVER)) || time() >= $_SESSION['expires_on']) { - logout(); + $sessionManager->logout(WEB_PATH); $userIsLoggedIn = false; $loginFailure = true; } @@ -230,20 +230,6 @@ $userIsLoggedIn = setup_login_state($conf, $sessionManager); // ------------------------------------------------------------------------------------------ // Session management -/** - * Load user session - * - * @param ConfigManager $conf Configuration Manager instance. - * @param SessionManager $sessionManager SessionManager instance - */ -function fillSessionInfo($conf, $sessionManager) -{ - $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid) - $_SESSION['ip'] = client_ip_id($_SERVER); - $_SESSION['username']= $conf->get('credentials.login'); - $_SESSION['expires_on'] = time() + $sessionManager::$INACTIVITY_TIMEOUT; -} - /** * Check that user/password is correct. * @@ -259,7 +245,7 @@ function check_auth($login, $password, $conf, $sessionManager) $hash = sha1($password . $login . $conf->get('credentials.salt')); if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash')) { // Login/password is correct. - fillSessionInfo($conf, $sessionManager); + $sessionManager->storeLoginInfo($_SERVER); logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login successful'); return true; } @@ -274,18 +260,6 @@ function isLoggedIn() return $userIsLoggedIn; } -// Force logout. -function logout() { - if (isset($_SESSION)) { - unset($_SESSION['uid']); - unset($_SESSION['ip']); - unset($_SESSION['username']); - unset($_SESSION['visibility']); - unset($_SESSION['untaggedonly']); - } - setcookie('shaarli_staySignedIn', FALSE, 0, WEB_PATH); -} - // ------------------------------------------------------------------------------------------ // Process login form: Check if login/password is correct. if (isset($_POST['login'])) { @@ -303,10 +277,13 @@ if (isset($_POST['login'])) { if (!empty($_POST['longlastingsession'])) { $_SESSION['longlastingsession'] = 31536000; // (31536000 seconds = 1 year) $expiration = time() + $_SESSION['longlastingsession']; // calculate relative cookie expiration (1 year from now) - setcookie('shaarli_staySignedIn', STAY_SIGNED_IN_TOKEN, $expiration, WEB_PATH); + setcookie($sessionManager::$LOGGED_IN_COOKIE, STAY_SIGNED_IN_TOKEN, $expiration, WEB_PATH); $_SESSION['expires_on'] = $expiration; // Set session expiration on server-side. - $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; + $cookiedir = ''; + if (dirname($_SERVER['SCRIPT_NAME']) != '/') { + $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/'; + } session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side // Note: Never forget the trailing slash on the cookie path! session_regenerate_id(true); // Send cookie with new expiration date to browser. @@ -676,7 +653,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout')) { invalidateCaches($conf->get('resource.page_cache')); - logout(); + $sessionManager->logout(WEB_PATH); header('Location: ?'); exit; } -- cgit v1.2.3 From 63ea23c2a67d2a1cf6cda79fa2fe49a143571cde Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sat, 17 Feb 2018 01:46:27 +0100 Subject: Refactor user credential validation at login time Changed: - move login/password verification to LoginManager - code cleanup Signed-off-by: VirtualTam --- index.php | 144 +++++++++++++++++--------------------------------------------- 1 file changed, 38 insertions(+), 106 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 34785209..5e15b9c2 100644 --- a/index.php +++ b/index.php @@ -121,8 +121,8 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) } $conf = new ConfigManager(); -$loginManager = new LoginManager($GLOBALS, $conf); $sessionManager = new SessionManager($_SESSION, $conf); +$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager); // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. if (! defined('LC_MESSAGES')) { @@ -178,88 +178,20 @@ if (! is_file($conf->getConfigFileExt())) { // a token depending of deployment salt, user password, and the current ip define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); -/** - * Checking session state (i.e. is the user still logged in) - * - * @param ConfigManager $conf Configuration Manager instance. - * @param SessionManager $sessionManager SessionManager instance - * - * @return bool true if the user is logged in, false otherwise. - */ -function setup_login_state($conf, $sessionManager) -{ - if ($conf->get('security.open_shaarli')) { - return true; - } - $userIsLoggedIn = false; // By default, we do not consider the user as logged in; - $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met. - if (! $conf->exists('credentials.login')) { - $userIsLoggedIn = false; // Shaarli is not configured yet. - $loginFailure = true; - } - if (isset($_COOKIE[SessionManager::$LOGGED_IN_COOKIE]) - && $_COOKIE[SessionManager::$LOGGED_IN_COOKIE] === STAY_SIGNED_IN_TOKEN - && !$loginFailure - ) { - $sessionManager->storeLoginInfo($_SERVER); - $userIsLoggedIn = true; - } - // If session does not exist on server side, or IP address has changed, or session has expired, logout. - if (empty($_SESSION['uid']) - || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != client_ip_id($_SERVER)) - || time() >= $_SESSION['expires_on']) - { - $sessionManager->logout(WEB_PATH); - $userIsLoggedIn = false; - $loginFailure = true; - } - if (!empty($_SESSION['longlastingsession'])) { - $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked. - } else { - $_SESSION['expires_on'] = time() + $sessionManager::$INACTIVITY_TIMEOUT; - } - if (!$loginFailure) { - $userIsLoggedIn = true; - } - - return $userIsLoggedIn; -} - -$userIsLoggedIn = setup_login_state($conf, $sessionManager); - -// ------------------------------------------------------------------------------------------ -// Session management +$loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN); /** - * Check that user/password is correct. - * - * @param string $login Username - * @param string $password User password - * @param ConfigManager $conf Configuration Manager instance. - * @param SessionManager $sessionManager SessionManager instance + * Adapter function for PageBuilder * - * @return bool: authentication successful or not. + * TODO: update PageBuilder and tests */ -function check_auth($login, $password, $conf, $sessionManager) -{ - $hash = sha1($password . $login . $conf->get('credentials.salt')); - if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash')) { - // Login/password is correct. - $sessionManager->storeLoginInfo($_SERVER); - logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login successful'); - return true; - } - logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login); - return false; -} - -// Returns true if the user is logged in. function isLoggedIn() { - global $userIsLoggedIn; - return $userIsLoggedIn; + global $loginManager; + return $loginManager->isLoggedIn(); } + // ------------------------------------------------------------------------------------------ // Process login form: Check if login/password is correct. if (isset($_POST['login'])) { @@ -268,7 +200,7 @@ if (isset($_POST['login'])) { } if (isset($_POST['password']) && $sessionManager->checkToken($_POST['token']) - && (check_auth($_POST['login'], $_POST['password'], $conf, $sessionManager)) + && $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password']) ) { // Login/password is OK. $loginManager->handleSuccessfulLogin($_SERVER); @@ -347,15 +279,16 @@ if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are atta * Gives the last 7 days (which have links). * This RSS feed cannot be filtered. * - * @param ConfigManager $conf Configuration Manager instance. + * @param ConfigManager $conf Configuration Manager instance + * @param LoginManager $loginManager LoginManager instance */ -function showDailyRSS($conf) { +function showDailyRSS($conf, $loginManager) { // Cache system $query = $_SERVER['QUERY_STRING']; $cache = new CachedPage( $conf->get('config.PAGE_CACHE'), page_url($_SERVER), - startsWith($query,'do=dailyrss') && !isLoggedIn() + startsWith($query,'do=dailyrss') && !$loginManager->isLoggedIn() ); $cached = $cache->cachedVersion(); if (!empty($cached)) { @@ -367,7 +300,7 @@ function showDailyRSS($conf) { // Read links from database (and filter private links if used it not logged in). $LINKSDB = new LinkDB( $conf->get('resource.datastore'), - isLoggedIn(), + $loginManager->isLoggedIn(), $conf->get('privacy.hide_public_links'), $conf->get('redirector.url'), $conf->get('redirector.encode_url') @@ -509,7 +442,7 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager) /* Hook is called before column construction so that plugins don't have to deal with columns. */ - $pluginManager->executeHooks('render_daily', $data, array('loggedin' => isLoggedIn())); + $pluginManager->executeHooks('render_daily', $data, array('loggedin' => $loginManager->isLoggedIn())); /* We need to spread the articles on 3 columns. I did not want to use a JavaScript lib like http://masonry.desandro.com/ @@ -553,8 +486,8 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager) * @param ConfigManager $conf Configuration Manager instance. * @param PluginManager $pluginManager Plugin Manager instance. */ -function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) { - buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager); // Compute list of links to display +function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) { + buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager, $loginManager); $PAGE->renderPage('linklist'); } @@ -574,7 +507,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, read_updates_file($conf->get('resource.updates')), $LINKSDB, $conf, - isLoggedIn() + $loginManager->isLoggedIn() ); try { $newUpdates = $updater->update(); @@ -596,11 +529,11 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // Determine which page will be rendered. $query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : ''; - $targetPage = Router::findPage($query, $_GET, isLoggedIn()); + $targetPage = Router::findPage($query, $_GET, $loginManager->isLoggedIn()); if ( // if the user isn't logged in - !isLoggedIn() && + !$loginManager->isLoggedIn() && // and Shaarli doesn't have public content... $conf->get('privacy.hide_public_links') && // and is configured to enforce the login @@ -628,7 +561,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $pluginManager->executeHooks('render_' . $name, $plugin_data, array( 'target' => $targetPage, - 'loggedin' => isLoggedIn() + 'loggedin' => $loginManager->isLoggedIn() ) ); $PAGE->assign('plugins_' . $name, $plugin_data); @@ -680,7 +613,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $data = array( 'linksToDisplay' => $linksToDisplay, ); - $pluginManager->executeHooks('render_picwall', $data, array('loggedin' => isLoggedIn())); + $pluginManager->executeHooks('render_picwall', $data, array('loggedin' => $loginManager->isLoggedIn())); foreach ($data as $key => $value) { $PAGE->assign($key, $value); @@ -727,7 +660,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, 'search_tags' => $searchTags, 'tags' => $tagList, ); - $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); + $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => $loginManager->isLoggedIn())); foreach ($data as $key => $value) { $PAGE->assign($key, $value); @@ -760,7 +693,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, 'search_tags' => $searchTags, 'tags' => $tags, ]; - $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); + $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => $loginManager->isLoggedIn()]); foreach ($data as $key => $value) { $PAGE->assign($key, $value); @@ -787,7 +720,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $cache = new CachedPage( $conf->get('resource.page_cache'), page_url($_SERVER), - startsWith($query,'do='. $targetPage) && !isLoggedIn() + startsWith($query,'do='. $targetPage) && !$loginManager->isLoggedIn() ); $cached = $cache->cachedVersion(); if (!empty($cached)) { @@ -796,15 +729,15 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // Generate data. - $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, isLoggedIn()); + $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, $loginManager->isLoggedIn()); $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0))); - $feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !isLoggedIn()); + $feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !$loginManager->isLoggedIn()); $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('feed.rss_permalinks')); $data = $feedGenerator->buildData(); // Process plugin hook. $pluginManager->executeHooks('render_feed', $data, array( - 'loggedin' => isLoggedIn(), + 'loggedin' => $loginManager->isLoggedIn(), 'target' => $targetPage, )); @@ -952,7 +885,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- Handle other actions allowed for non-logged in users: - if (!isLoggedIn()) + if (!$loginManager->isLoggedIn()) { // User tries to post new link but is not logged in: // Show login screen, then redirect to ?post=... @@ -968,7 +901,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, exit; } - showLinkList($PAGE, $LINKSDB, $conf, $pluginManager); + showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager); if (isset($_GET['edit_link'])) { header('Location: ?do=login&edit_link='. escape($_GET['edit_link'])); exit; @@ -1019,7 +952,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt'))); try { - $conf->write(isLoggedIn()); + $conf->write($loginManager->isLoggedIn()); } catch(Exception $e) { error_log( @@ -1070,7 +1003,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $conf->set('translation.language', escape($_POST['language'])); try { - $conf->write(isLoggedIn()); + $conf->write($loginManager->isLoggedIn()); $history->updateSettings(); invalidateCaches($conf->get('resource.page_cache')); } @@ -1522,7 +1455,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, else { $conf->set('general.enabled_plugins', save_plugin_config($_POST)); } - $conf->write(isLoggedIn()); + $conf->write($loginManager->isLoggedIn()); $history->updateSettings(); } catch (Exception $e) { @@ -1547,7 +1480,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- Otherwise, simply display search form and links: - showLinkList($PAGE, $LINKSDB, $conf, $pluginManager); + showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager); exit; } @@ -1559,8 +1492,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, * @param LinkDB $LINKSDB LinkDB instance. * @param ConfigManager $conf Configuration Manager instance. * @param PluginManager $pluginManager Plugin Manager instance. + * @param LoginManager $loginManager LoginManager instance */ -function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager) +function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) { // Used in templates if (isset($_GET['searchtags'])) { @@ -1599,8 +1533,6 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager) $keys[] = $key; } - - // Select articles according to paging. $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']); $pagecount = $pagecount == 0 ? 1 : $pagecount; @@ -1681,7 +1613,7 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager) $data['pagetitle'] .= '- '. $conf->get('general.title'); } - $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => isLoggedIn())); + $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => $loginManager->isLoggedIn())); foreach ($data as $key => $value) { $PAGE->assign($key, $value); @@ -1952,7 +1884,7 @@ function install($conf, $sessionManager) { ); try { // Everything is ok, let's create config file. - $conf->write(isLoggedIn()); + $conf->write($loginManager->isLoggedIn()); } catch(Exception $e) { error_log( @@ -2216,7 +2148,7 @@ try { $linkDb = new LinkDB( $conf->get('resource.datastore'), - isLoggedIn(), + $loginManager->isLoggedIn(), $conf->get('privacy.hide_public_links'), $conf->get('redirector.url'), $conf->get('redirector.encode_url') -- cgit v1.2.3 From 847420847455c1339f3302b1b67568ee0f382a11 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Wed, 18 Apr 2018 23:09:45 +0200 Subject: Pass the client IP ID to LoginManager Signed-off-by: VirtualTam --- index.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 5e15b9c2..04b0e4ba 100644 --- a/index.php +++ b/index.php @@ -123,6 +123,7 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) $conf = new ConfigManager(); $sessionManager = new SessionManager($_SESSION, $conf); $loginManager = new LoginManager($GLOBALS, $conf, $sessionManager); +$clientIpId = client_ip_id($_SERVER); // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. if (! defined('LC_MESSAGES')) { @@ -178,7 +179,7 @@ if (! is_file($conf->getConfigFileExt())) { // a token depending of deployment salt, user password, and the current ip define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); -$loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN); +$loginManager->checkLoginState($_SESSION, $_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN); /** * Adapter function for PageBuilder @@ -200,7 +201,7 @@ if (isset($_POST['login'])) { } if (isset($_POST['password']) && $sessionManager->checkToken($_POST['token']) - && $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password']) + && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password']) ) { // Login/password is OK. $loginManager->handleSuccessfulLogin($_SERVER); -- cgit v1.2.3 From 89ccc83ba497fa91eaaf2a2a52d8549aea5e2aee Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Wed, 18 Apr 2018 23:45:05 +0200 Subject: Login: update PageBuilder and default/vintage templates Signed-off-by: VirtualTam --- index.php | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 04b0e4ba..c87ebf65 100644 --- a/index.php +++ b/index.php @@ -182,9 +182,11 @@ define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['R $loginManager->checkLoginState($_SESSION, $_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN); /** - * Adapter function for PageBuilder + * Adapter function to ensure compatibility with third-party templates * - * TODO: update PageBuilder and tests + * @see https://github.com/shaarli/Shaarli/pull/1086 + * + * @return bool true when the user is logged in, false otherwise */ function isLoggedIn() { @@ -383,9 +385,10 @@ function showDailyRSS($conf, $loginManager) { * @param PageBuilder $pageBuilder Template engine wrapper. * @param LinkDB $LINKSDB LinkDB instance. * @param ConfigManager $conf Configuration Manager instance. - * @param PluginManager $pluginManager Plugin Manager instane. + * @param PluginManager $pluginManager Plugin Manager instance. + * @param LoginManager $loginManager Login Manager instance */ -function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager) +function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager, $loginManager) { $day = date('Ymd', strtotime('-1 day')); // Yesterday, in format YYYYMMDD. if (isset($_GET['day'])) { @@ -523,7 +526,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, die($e->getMessage()); } - $PAGE = new PageBuilder($conf, $LINKSDB, $sessionManager->generateToken()); + $PAGE = new PageBuilder($conf, $LINKSDB, $sessionManager->generateToken(), $loginManager->isLoggedIn()); $PAGE->assign('linkcount', count($LINKSDB)); $PAGE->assign('privateLinkcount', count_private($LINKSDB)); $PAGE->assign('plugin_errors', $pluginManager->getErrors()); @@ -708,7 +711,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // Daily page. if ($targetPage == Router::$PAGE_DAILY) { - showDaily($PAGE, $LINKSDB, $conf, $pluginManager); + showDaily($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager); } // ATOM and RSS feed. -- cgit v1.2.3 From 68dcaccfa46649addc66674b627a83064798bbc0 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Fri, 27 Apr 2018 22:00:35 +0200 Subject: LoginManager: remove unused parameter Signed-off-by: VirtualTam --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index c87ebf65..30bfc170 100644 --- a/index.php +++ b/index.php @@ -179,7 +179,7 @@ if (! is_file($conf->getConfigFileExt())) { // a token depending of deployment salt, user password, and the current ip define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); -$loginManager->checkLoginState($_SESSION, $_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN); +$loginManager->checkLoginState($_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN); /** * Adapter function to ensure compatibility with third-party templates -- cgit v1.2.3 From fab87c2696b9d6a26310f1bfc024b018ca5184fe Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Fri, 27 Apr 2018 22:12:22 +0200 Subject: Move LoginManager and SessionManager to the Security namespace Signed-off-by: VirtualTam --- index.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 30bfc170..139812d7 100644 --- a/index.php +++ b/index.php @@ -78,8 +78,8 @@ require_once 'application/Updater.php'; use \Shaarli\Languages; use \Shaarli\ThemeUtils; use \Shaarli\Config\ConfigManager; -use \Shaarli\LoginManager; -use \Shaarli\SessionManager; +use \Shaarli\Security\LoginManager; +use \Shaarli\Security\SessionManager; // Ensure the PHP version is supported try { -- cgit v1.2.3 From 51f0128cdba52099c40693379e72f094b42a6f80 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Fri, 27 Apr 2018 23:17:38 +0200 Subject: Refactor session and cookie timeout control Signed-off-by: VirtualTam --- index.php | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 139812d7..8e3bade0 100644 --- a/index.php +++ b/index.php @@ -179,7 +179,7 @@ if (! is_file($conf->getConfigFileExt())) { // a token depending of deployment salt, user password, and the current ip define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); -$loginManager->checkLoginState($_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN); +$loginManager->checkLoginState($_COOKIE, $clientIpId, STAY_SIGNED_IN_TOKEN); /** * Adapter function to ensure compatibility with third-party templates @@ -205,31 +205,35 @@ if (isset($_POST['login'])) { && $sessionManager->checkToken($_POST['token']) && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password']) ) { - // Login/password is OK. $loginManager->handleSuccessfulLogin($_SERVER); - // If user wants to keep the session cookie even after the browser closes: - if (!empty($_POST['longlastingsession'])) { - $_SESSION['longlastingsession'] = 31536000; // (31536000 seconds = 1 year) - $expiration = time() + $_SESSION['longlastingsession']; // calculate relative cookie expiration (1 year from now) - setcookie($sessionManager::$LOGGED_IN_COOKIE, STAY_SIGNED_IN_TOKEN, $expiration, WEB_PATH); - $_SESSION['expires_on'] = $expiration; // Set session expiration on server-side. - - $cookiedir = ''; - if (dirname($_SERVER['SCRIPT_NAME']) != '/') { - $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/'; - } - session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side + $cookiedir = ''; + if (dirname($_SERVER['SCRIPT_NAME']) != '/') { // Note: Never forget the trailing slash on the cookie path! - session_regenerate_id(true); // Send cookie with new expiration date to browser. + $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/'; } - else // Standard session expiration (=when browser closes) - { - $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; - session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes" - session_regenerate_id(true); + + if (!empty($_POST['longlastingsession'])) { + // Keep the session cookie even after the browser closes + $sessionManager->setStaySignedIn(true); + $expirationTime = $sessionManager->extendSession(); + + setcookie( + $sessionManager::$LOGGED_IN_COOKIE, + STAY_SIGNED_IN_TOKEN, + $expirationTime, + WEB_PATH + ); + + } else { + // Standard session expiration (=when browser closes) + $expirationTime = 0; } + // Send cookie with the new expiration date to the browser + session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']); + session_regenerate_id(true); + // Optional redirect after login: if (isset($_GET['post'])) { $uri = '?post='. urlencode($_GET['post']); @@ -590,7 +594,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout')) { invalidateCaches($conf->get('resource.page_cache')); - $sessionManager->logout(WEB_PATH); + $sessionManager->logout(); + setcookie(SessionManager::$LOGGED_IN_COOKIE, 'false', 0, WEB_PATH); header('Location: ?'); exit; } -- cgit v1.2.3 From c689e108639a4f6aa9e15928422e14db7cbe30ca Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sun, 6 May 2018 17:06:36 +0200 Subject: Refactor LoginManager stay-signed-in token management Signed-off-by: VirtualTam --- index.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 8e3bade0..c34434dd 100644 --- a/index.php +++ b/index.php @@ -123,6 +123,7 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) $conf = new ConfigManager(); $sessionManager = new SessionManager($_SESSION, $conf); $loginManager = new LoginManager($GLOBALS, $conf, $sessionManager); +$loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']); $clientIpId = client_ip_id($_SERVER); // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. @@ -176,10 +177,7 @@ if (! is_file($conf->getConfigFileExt())) { install($conf, $sessionManager); } -// a token depending of deployment salt, user password, and the current ip -define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); - -$loginManager->checkLoginState($_COOKIE, $clientIpId, STAY_SIGNED_IN_TOKEN); +$loginManager->checkLoginState($_COOKIE, $clientIpId); /** * Adapter function to ensure compatibility with third-party templates @@ -219,8 +217,8 @@ if (isset($_POST['login'])) { $expirationTime = $sessionManager->extendSession(); setcookie( - $sessionManager::$LOGGED_IN_COOKIE, - STAY_SIGNED_IN_TOKEN, + $loginManager::$STAY_SIGNED_IN_COOKIE, + $loginManager->getStaySignedInToken(), $expirationTime, WEB_PATH ); @@ -595,7 +593,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, { invalidateCaches($conf->get('resource.page_cache')); $sessionManager->logout(); - setcookie(SessionManager::$LOGGED_IN_COOKIE, 'false', 0, WEB_PATH); + setcookie(LoginManager::$STAY_SIGNED_IN_COOKIE, 'false', 0, WEB_PATH); header('Location: ?'); exit; } -- cgit v1.2.3 From d3f42ca487287447efb81061609644108044a038 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sat, 19 May 2018 15:04:04 +0200 Subject: Implements Tags endpoints for Shaarli's REST API Endpoints: * List All Tags [GET] * Get a tag [GET] * Update a tag [PUT] * Delete a tag [DELETE] Fixes #904 References shaarli/api-documentation#34 --- index.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'index.php') diff --git a/index.php b/index.php index c34434dd..6dcec9b2 100644 --- a/index.php +++ b/index.php @@ -2175,6 +2175,12 @@ $app->group('/api/v1', function() { $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink'); $this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink'); $this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink'); + + $this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags'); + $this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag'); + $this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag'); + $this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag'); + $this->get('/history', '\Shaarli\Api\Controllers\History:getHistory')->setName('getHistory'); })->add('\Shaarli\Api\ApiMiddleware'); -- cgit v1.2.3 From cad4251ad759ed28bd16eb3912239fb3c4a7e1e3 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Thu, 7 Jun 2018 19:58:58 +0200 Subject: Fixes an error during the install was out of scope --- index.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index c34434dd..89b181cb 100644 --- a/index.php +++ b/index.php @@ -174,7 +174,7 @@ if (! is_file($conf->getConfigFileExt())) { } // Display the installation form if no existing config is found - install($conf, $sessionManager); + install($conf, $sessionManager, $loginManager); } $loginManager->checkLoginState($_COOKIE, $clientIpId); @@ -1823,8 +1823,9 @@ function lazyThumbnail($conf, $url,$href=false) * * @param ConfigManager $conf Configuration Manager instance. * @param SessionManager $sessionManager SessionManager instance + * @param LoginManager $loginManager LoginManager instance */ -function install($conf, $sessionManager) { +function install($conf, $sessionManager, $loginManager) { // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); -- cgit v1.2.3 From 87f14312470ca51b936896b41413c96edfe3b18f Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Tue, 26 Jun 2018 22:18:51 +0200 Subject: Fix broken documentation links and list formatting Signed-off-by: VirtualTam --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index 89b181cb..ddd5dbf5 100644 --- a/index.php +++ b/index.php @@ -48,7 +48,7 @@ if (! file_exists(__DIR__ . '/vendor/autoload.php')) { ."If you installed Shaarli through Git or using the development branch,\n" ."please refer to the installation documentation to install PHP" ." dependencies using Composer:\n" - ."- https://shaarli.readthedocs.io/en/master/Server-requirements/\n" + ."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n" ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/"; exit; } -- cgit v1.2.3 From 1b93137e16694f52952c930848e1a7928e8a00a6 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Wed, 9 Nov 2016 18:57:02 +0100 Subject: Use web-thumbnailer to retrieve thumbnails * requires PHP 5.6 * use blazy on linklist since a lot more thumbs are retrieved * thumbnails can be disabled * thumbs size is now 120x120 * thumbs are now cropped to fit the expected size Fixes #345 #425 #487 #543 #588 #590 --- index.php | 490 +++++++++----------------------------------------------------- 1 file changed, 69 insertions(+), 421 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index ddd5dbf5..28dfd3b4 100644 --- a/index.php +++ b/index.php @@ -74,6 +74,7 @@ require_once 'application/Url.php'; require_once 'application/Utils.php'; require_once 'application/PluginManager.php'; require_once 'application/Router.php'; +require_once 'application/Thumbnailer.php'; require_once 'application/Updater.php'; use \Shaarli\Languages; use \Shaarli\ThemeUtils; @@ -601,22 +602,54 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // -------- Picture wall if ($targetPage == Router::$PAGE_PICWALL) { + if (! $conf->get('thumbnails.enabled')) { + header('Location: ?'); + exit; + } + // Optionally filter the results: $links = $LINKSDB->filterSearch($_GET); $linksToDisplay = array(); + $thumbnailer = new Thumbnailer($conf); + + + $cpt = 0; // Get only links which have a thumbnail. foreach($links as $link) { $permalink='?'.$link['shorturl']; - $thumb=lazyThumbnail($conf, $link['url'],$permalink); - if ($thumb!='') // Only output links which have a thumbnail. - { - $link['thumbnail']=$thumb; // Thumbnail HTML code. - $linksToDisplay[]=$link; // Add to array. + // Not a note, + // and (never retrieved yet or no valid cache file) + if ($link['url'][0] != '?' + && (! isset($link['thumbnail']) || ($link['thumbnail'] !== false && ! is_file($link['thumbnail']))) + ) { + $link['thumbnail'] = $thumbnailer->get($link['url']); + // FIXME! we really need to get rid of ArrayAccess... + $item = $LINKSDB[$link['linkdate']]; + $item['thumbnail'] = $link['thumbnail']; + $LINKSDB[$link['linkdate']] = $item; + $updateDB = true; + $cpt++; + } + + if (isset($link['thumbnail']) && $link['thumbnail'] !== false) { + $linksToDisplay[] = $link; // Add to array. + } + + // If we retrieved new thumbnails, we update the database every 20 links. + // Downloading everything the first time may take a very long time + if (!empty($updateDB) && $cpt == 20) { + $LINKSDB->save($conf->get('resource.page_cache')); + $updateDB = false; + $cpt = 0; } } + if (!empty($updateDB)) { + $LINKSDB->save($conf->get('resource.page_cache')); + } + $data = array( 'linksToDisplay' => $linksToDisplay, ); @@ -1008,6 +1041,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $conf->set('api.enabled', !empty($_POST['enableApi'])); $conf->set('api.secret', escape($_POST['apiSecret'])); $conf->set('translation.language', escape($_POST['language'])); + $conf->set('thumbnails.enabled', !empty($_POST['enableThumbnails'])); try { $conf->write($loginManager->isLoggedIn()); @@ -1148,6 +1182,11 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $link['title'] = $link['url']; } + if ($conf->get('thumbnails.enabled')) { + $thumbnailer = new Thumbnailer($conf); + $link['thumbnail'] = $thumbnailer->get($url); + } + $pluginManager->executeHooks('save_link', $link); $LINKSDB[$id] = $link; @@ -1549,6 +1588,11 @@ function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) // Start index. $i = ($page-1) * $_SESSION['LINKS_PER_PAGE']; $end = $i + $_SESSION['LINKS_PER_PAGE']; + + if ($conf->get('thumbnails.enabled')) { + $thumbnailer = new Thumbnailer($conf); + } + $linkDisp = array(); while ($i<$end && $iget('thumbnails.enabled') && $link['url'][0] != '?' + && (! isset($link['thumbnail']) || ($link['thumbnail'] !== false && ! is_file($link['thumbnail']))) + ) { + $link['thumbnail'] = $thumbnailer->get($link['url']); + // FIXME! we really need to get rid of ArrayAccess... + $item = $LINKSDB[$keys[$i]]; + $item['thumbnail'] = $link['thumbnail']; + $LINKSDB[$keys[$i]] = $item; + $updateDB = true; + } + // Check for both signs of a note: starting with ? and 7 chars long. - if ($link['url'][0] === '?' && - strlen($link['url']) === 7) { + if ($link['url'][0] === '?' && strlen($link['url']) === 7) { $link['url'] = index_url($_SERVER) . $link['url']; } @@ -1579,6 +1636,11 @@ function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) $i++; } + // If we retrieved new thumbnails, we update the database. + if (!empty($updateDB)) { + $LINKSDB->save($conf->get('resource.page_cache')); + } + // Compute paging navigation $searchtagsUrl = $searchtags === '' ? '' : '&searchtags=' . urlencode($searchtags); $searchtermUrl = empty($searchterm) ? '' : '&searchterm=' . urlencode($searchterm); @@ -1629,194 +1691,6 @@ function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) return; } -/** - * Compute the thumbnail for a link. - * - * With a link to the original URL. - * Understands various services (youtube.com...) - * Input: $url = URL for which the thumbnail must be found. - * $href = if provided, this URL will be followed instead of $url - * Returns an associative array with thumbnail attributes (src,href,width,height,style,alt) - * Some of them may be missing. - * Return an empty array if no thumbnail available. - * - * @param ConfigManager $conf Configuration Manager instance. - * @param string $url - * @param string|bool $href - * - * @return array - */ -function computeThumbnail($conf, $url, $href = false) -{ - if (!$conf->get('thumbnail.enable_thumbnails')) return array(); - if ($href==false) $href=$url; - - // For most hosts, the URL of the thumbnail can be easily deduced from the URL of the link. - // (e.g. http://www.youtube.com/watch?v=spVypYk4kto ---> http://img.youtube.com/vi/spVypYk4kto/default.jpg ) - // ^^^^^^^^^^^ ^^^^^^^^^^^ - $domain = parse_url($url,PHP_URL_HOST); - if ($domain=='youtube.com' || $domain=='www.youtube.com') - { - parse_str(parse_url($url,PHP_URL_QUERY), $params); // Extract video ID and get thumbnail - if (!empty($params['v'])) return array('src'=>'https://img.youtube.com/vi/'.$params['v'].'/default.jpg', - 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail'); - } - if ($domain=='youtu.be') // Youtube short links - { - $path = parse_url($url,PHP_URL_PATH); - return array('src'=>'https://img.youtube.com/vi'.$path.'/default.jpg', - 'href'=>$href,'width'=>'120','height'=>'90','alt'=>'YouTube thumbnail'); - } - if ($domain=='pix.toile-libre.org') // pix.toile-libre.org image hosting - { - parse_str(parse_url($url,PHP_URL_QUERY), $params); // Extract image filename. - if (!empty($params) && !empty($params['img'])) return array('src'=>'http://pix.toile-libre.org/upload/thumb/'.urlencode($params['img']), - 'href'=>$href,'style'=>'max-width:120px; max-height:150px','alt'=>'pix.toile-libre.org thumbnail'); - } - - if ($domain=='imgur.com') - { - $path = parse_url($url,PHP_URL_PATH); - if (startsWith($path,'/a/')) return array(); // Thumbnails for albums are not available. - if (startsWith($path,'/r/')) return array('src'=>'https://i.imgur.com/'.basename($path).'s.jpg', - 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail'); - if (startsWith($path,'/gallery/')) return array('src'=>'https://i.imgur.com'.substr($path,8).'s.jpg', - 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail'); - - if (substr_count($path,'/')==1) return array('src'=>'https://i.imgur.com/'.substr($path,1).'s.jpg', - 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail'); - } - if ($domain=='i.imgur.com') - { - $pi = pathinfo(parse_url($url,PHP_URL_PATH)); - if (!empty($pi['filename'])) return array('src'=>'https://i.imgur.com/'.$pi['filename'].'s.jpg', - 'href'=>$href,'width'=>'90','height'=>'90','alt'=>'imgur.com thumbnail'); - } - if ($domain=='dailymotion.com' || $domain=='www.dailymotion.com') - { - if (strpos($url,'dailymotion.com/video/')!==false) - { - $thumburl=str_replace('dailymotion.com/video/','dailymotion.com/thumbnail/video/',$url); - return array('src'=>$thumburl, - 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'DailyMotion thumbnail'); - } - } - if (endsWith($domain,'.imageshack.us')) - { - $ext=strtolower(pathinfo($url,PATHINFO_EXTENSION)); - if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif') - { - $thumburl = substr($url,0,strlen($url)-strlen($ext)).'th.'.$ext; - return array('src'=>$thumburl, - 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'imageshack.us thumbnail'); - } - } - - // Some other hosts are SLOW AS HELL and usually require an extra HTTP request to get the thumbnail URL. - // So we deport the thumbnail generation in order not to slow down page generation - // (and we also cache the thumbnail) - - if (! $conf->get('thumbnail.enable_localcache')) return array(); // If local cache is disabled, no thumbnails for services which require the use a local cache. - - if ($domain=='flickr.com' || endsWith($domain,'.flickr.com') - || $domain=='vimeo.com' - || $domain=='ted.com' || endsWith($domain,'.ted.com') - || $domain=='xkcd.com' || endsWith($domain,'.xkcd.com') - ) - { - if ($domain=='vimeo.com') - { // Make sure this vimeo URL points to a video (/xxx... where xxx is numeric) - $path = parse_url($url,PHP_URL_PATH); - if (!preg_match('!/\d+.+?!',$path)) return array(); // This is not a single video URL. - } - if ($domain=='xkcd.com' || endsWith($domain,'.xkcd.com')) - { // Make sure this URL points to a single comic (/xxx... where xxx is numeric) - $path = parse_url($url,PHP_URL_PATH); - if (!preg_match('!/\d+.+?!',$path)) return array(); - } - if ($domain=='ted.com' || endsWith($domain,'.ted.com')) - { // Make sure this TED URL points to a video (/talks/...) - $path = parse_url($url,PHP_URL_PATH); - if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL. - } - $sign = hash_hmac('sha256', $url, $conf->get('credentials.salt')); // We use the salt to sign data (it's random, secret, and specific to each installation) - return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), - 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); - } - - // For all other, we try to make a thumbnail of links ending with .jpg/jpeg/png/gif - // Technically speaking, we should download ALL links and check their Content-Type to see if they are images. - // But using the extension will do. - $ext=strtolower(pathinfo($url,PATHINFO_EXTENSION)); - if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif') - { - $sign = hash_hmac('sha256', $url, $conf->get('credentials.salt')); // We use the salt to sign data (it's random, secret, and specific to each installation) - return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), - 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); - } - return array(); // No thumbnail. - -} - - -// Returns the HTML code to display a thumbnail for a link -// with a link to the original URL. -// Understands various services (youtube.com...) -// Input: $url = URL for which the thumbnail must be found. -// $href = if provided, this URL will be followed instead of $url -// Returns '' if no thumbnail available. -function thumbnail($url,$href=false) -{ - // FIXME! - global $conf; - $t = computeThumbnail($conf, $url,$href); - if (count($t)==0) return ''; // Empty array = no thumbnail for this URL. - - $html=''; - - // Lazy image - $html.='get('credentials.salt')); - if ($sign!=$_GET['hmac']) die('Naughty boy!'); - - $cacheDir = $conf->get('resource.thumbnails_cache', 'cache'); - // Let's see if we don't already have the image for this URL in the cache. - $thumbname=hash('sha1',$_GET['url']).'.jpg'; - if (is_file($cacheDir .'/'. $thumbname)) - { // We have the thumbnail, just serve it: - header('Content-Type: image/jpeg'); - echo file_get_contents($cacheDir .'/'. $thumbname); - return; - } - // We may also serve a blank image (if service did not respond) - $blankname=hash('sha1',$_GET['url']).'.gif'; - if (is_file($cacheDir .'/'. $blankname)) - { - header('Content-Type: image/gif'); - echo file_get_contents($cacheDir .'/'. $blankname); - return; - } - - // Otherwise, generate the thumbnail. - $url = $_GET['url']; - $domain = parse_url($url,PHP_URL_HOST); - - if ($domain=='flickr.com' || endsWith($domain,'.flickr.com')) - { - // Crude replacement to handle new flickr domain policy (They prefer www. now) - $url = str_replace('http://flickr.com/','http://www.flickr.com/',$url); - - // Is this a link to an image, or to a flickr page ? - $imageurl=''; - if (endsWith(parse_url($url, PHP_URL_PATH), '.jpg')) - { // This is a direct link to an image. e.g. http://farm1.staticflickr.com/5/5921913_ac83ed27bd_o.jpg - preg_match('!(http://farm\d+\.staticflickr\.com/\d+/\d+_\w+_)\w.jpg!',$url,$matches); - if (!empty($matches[1])) $imageurl=$matches[1].'m.jpg'; - } - else // This is a flickr page (html) - { - // Get the flickr html page. - list($headers, $content) = get_http_response($url, 20); - if (strpos($headers[0], '200 OK') !== false) - { - // flickr now nicely provides the URL of the thumbnail in each flickr page. - preg_match('! - if ($imageurl=='') - { - preg_match('! tag on that page - // http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html - // - list($headers, $content) = get_http_response($url, 5); - if (strpos($headers[0], '200 OK') !== false) { - // Extract the link to the thumbnail - preg_match('!link rel="image_src" href="(http://images.ted.com/images/ted/.+_\d+x\d+\.jpg)"!', $content, $matches); - if (!empty($matches[1])) - { // Let's download the image. - $imageurl=$matches[1]; - // No control on image size, so wait long enough - list($headers, $content) = get_http_response($imageurl, 20); - if (strpos($headers[0], '200 OK') !== false) { - $filepath = $cacheDir .'/'. $thumbname; - file_put_contents($filepath, $content); // Save image to cache. - if (resizeImage($filepath)) - { - header('Content-Type: image/jpeg'); - echo file_get_contents($filepath); - return; - } - } - } - } - } - - elseif ($domain=='xkcd.com' || endsWith($domain,'.xkcd.com')) - { - // There is no thumbnail available for xkcd comics, so download the whole image and resize it. - // http://xkcd.com/327/ - // <BLABLA> - list($headers, $content) = get_http_response($url, 5); - if (strpos($headers[0], '200 OK') !== false) { - // Extract the link to the thumbnail - preg_match('!Please synchonize them.' + ); + } try { $conf->write($loginManager->isLoggedIn()); @@ -1521,6 +1505,43 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, exit; } + // -------- Thumbnails Update + if ($targetPage == Router::$PAGE_THUMBS_UPDATE) { + $ids = []; + foreach ($LINKSDB as $link) { + // A note or not HTTP(S) + if ($link['url'][0] === '?' || ! startsWith(strtolower($link['url']), 'http')) { + continue; + } + $ids[] = $link['id']; + } + $PAGE->assign('ids', $ids); + $PAGE->assign('pagetitle', t('Thumbnail update') .' - '. $conf->get('general.title', 'Shaarli')); + $PAGE->renderPage('thumbnails'); + exit; + } + + // -------- Single Thumbnail Update + if ($targetPage == Router::$AJAX_THUMB_UPDATE) { + if (! isset($_POST['id']) || ! ctype_digit($_POST['id'])) { + http_response_code(400); + exit; + } + $id = (int) $_POST['id']; + if (empty($LINKSDB[$id])) { + http_response_code(404); + exit; + } + $thumbnailer = new Thumbnailer($conf); + $link = $LINKSDB[$id]; + $link['thumbnail'] = $thumbnailer->get($link['url']); + $LINKSDB[$id] = $link; + $LINKSDB->save($conf->get('resource.page_cache')); + + echo json_encode($link); + exit; + } + // -------- Otherwise, simply display search form and links: showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager); exit; @@ -1777,7 +1798,7 @@ function install($conf, $sessionManager, $loginManager) { exit; } - $PAGE = new PageBuilder($conf, null, $sessionManager->generateToken()); + $PAGE = new PageBuilder($conf, $_SESSION, null, $sessionManager->generateToken()); list($continents, $cities) = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get()); $PAGE->assign('continents', $continents); $PAGE->assign('cities', $cities); -- cgit v1.2.3 From b302b3c584b84f22f0e6f187b072180ecbacdfab Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Thu, 5 Jul 2018 20:29:55 +0200 Subject: Thumbnails: add a common mode to only retrieve thumbs from popular media websites --- index.php | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index d5a3e93d..299d6d9b 100644 --- a/index.php +++ b/index.php @@ -603,7 +603,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // -------- Picture wall if ($targetPage == Router::$PAGE_PICWALL) { - if (! $conf->get('thumbnails.enabled')) { + $PAGE->assign('pagetitle', t('Picture wall') .' - '. $conf->get('general.title', 'Shaarli')); + if (! $conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) === Thumbnailer::MODE_NONE) { + $PAGE->assign('linksToDisplay', []); $PAGE->renderPage('picwall'); exit; } @@ -630,7 +632,6 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign($key, $value); } - $PAGE->assign('pagetitle', t('Picture wall') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('picwall'); exit; } @@ -1013,14 +1014,13 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $conf->set('api.secret', escape($_POST['apiSecret'])); $conf->set('translation.language', escape($_POST['language'])); - $thumbnailsEnabled = extension_loaded('gd') && !empty($_POST['enableThumbnails']); - $conf->set('thumbnails.enabled', $thumbnailsEnabled); - - if (! $conf->get('thumbnails.enabled') && $thumbnailsEnabled) { + $thumbnailsMode = extension_loaded('gd') ? $_POST['enableThumbnails'] : Thumbnailer::MODE_NONE; + if ($conf->get('thumbnails.enabled', Thumbnailer::MODE_NONE) !== Thumbnailer::MODE_NONE) { $_SESSION['warnings'][] = t( - 'You have enabled thumbnails. Please synchonize them.' + 'You have enabled or changed thumbnails mode. Please synchonize them.' ); } + $conf->set('thumbnails.mode', $thumbnailsMode); try { $conf->write($loginManager->isLoggedIn()); @@ -1061,6 +1061,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign('languages', Languages::getAvailableLanguages()); $PAGE->assign('language', $conf->get('translation.language')); $PAGE->assign('gd_enabled', extension_loaded('gd')); + $PAGE->assign('thumbnails_mode', $conf->get('thumbnails.mode', Thumbnailer::MODE_NONE)); $PAGE->assign('pagetitle', t('Configure') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('configure'); exit; @@ -1162,7 +1163,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $link['title'] = $link['url']; } - if ($conf->get('thumbnails.enabled')) { + if ($conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) !== Thumbnailer::MODE_NONE) { $thumbnailer = new Thumbnailer($conf); $link['thumbnail'] = $thumbnailer->get($url); } @@ -1606,7 +1607,8 @@ function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) $i = ($page-1) * $_SESSION['LINKS_PER_PAGE']; $end = $i + $_SESSION['LINKS_PER_PAGE']; - if ($conf->get('thumbnails.enabled')) { + $thumbnailsEnabled = $conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) !== Thumbnailer::MODE_NONE; + if ($thumbnailsEnabled) { $thumbnailer = new Thumbnailer($conf); } @@ -1633,7 +1635,7 @@ function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) // Thumbnails enabled, not a note, // and (never retrieved yet or no valid cache file) - if ($conf->get('thumbnails.enabled') && $link['url'][0] != '?' + if ($thumbnailsEnabled && $link['url'][0] != '?' && (! isset($link['thumbnail']) || ($link['thumbnail'] !== false && ! is_file($link['thumbnail']))) ) { $elem = $LINKSDB[$keys[$i]]; -- cgit v1.2.3 From 1cafacfedd41ebd7bbf442a24a81b33cc24b1838 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sun, 1 Jul 2018 12:27:55 +0200 Subject: Docs: rename 'How-to' section to 'Guides' Signed-off-by: VirtualTam --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index 29d67f62..5fc880e6 100644 --- a/index.php +++ b/index.php @@ -1103,7 +1103,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // Linkdate is kept here to: // - use the same permalink for notes as they're displayed when creating them // - let users hack creation date of their posts - // See: https://shaarli.readthedocs.io/en/master/Various-hacks/#changing-the-timestamp-for-a-shaare + // See: https://shaarli.readthedocs.io/en/master/guides/various-hacks/#changing-the-timestamp-for-a-shaare $linkdate = escape($_POST['lf_linkdate']); if (isset($LINKSDB[$id])) { // Edit -- cgit v1.2.3 From 7b4fea0e39be9e74e9aef13e73af9bbd2b1a6397 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Tue, 17 Jul 2018 13:13:26 +0200 Subject: Bunch of improvement for thumbnails integration: - add a default thumb size value (125x90px) - improve private vertical bar visual, especially with thumbnails - translations - add a sync thumbs button in tool and empty picwall page - fixes WT download mode in JSON config --- index.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 299d6d9b..ac0baf7d 100644 --- a/index.php +++ b/index.php @@ -632,6 +632,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $PAGE->assign($key, $value); } + $PAGE->renderPage('picwall'); exit; } @@ -1015,9 +1016,11 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $conf->set('translation.language', escape($_POST['language'])); $thumbnailsMode = extension_loaded('gd') ? $_POST['enableThumbnails'] : Thumbnailer::MODE_NONE; - if ($conf->get('thumbnails.enabled', Thumbnailer::MODE_NONE) !== Thumbnailer::MODE_NONE) { + if ($thumbnailsMode !== Thumbnailer::MODE_NONE + && $thumbnailsMode !== $conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) + ) { $_SESSION['warnings'][] = t( - 'You have enabled or changed thumbnails mode. Please synchonize them.' + 'You have enabled or changed thumbnails mode. Please synchronize them.' ); } $conf->set('thumbnails.mode', $thumbnailsMode); @@ -1517,7 +1520,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $ids[] = $link['id']; } $PAGE->assign('ids', $ids); - $PAGE->assign('pagetitle', t('Thumbnail update') .' - '. $conf->get('general.title', 'Shaarli')); + $PAGE->assign('pagetitle', t('Thumbnails update') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('thumbnails'); exit; } -- cgit v1.2.3 From bf3c9934d2dc02cead5995570239c5c6230ed5e5 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sun, 29 Jul 2018 17:40:05 +0200 Subject: Fix fatal error on daily page: use new thumbnail system Also fix: * include the login manager in the daily RSS feed function * remove redirector setting in the vintage theme Fixes #1190 --- index.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 1480bbc5..925d47a5 100644 --- a/index.php +++ b/index.php @@ -356,7 +356,6 @@ function showDailyRSS($conf, $loginManager) { $conf->get('redirector.url'), $conf->get('redirector.encode_url') ); - $link['thumbnail'] = thumbnail($conf, $link['url']); $link['timestamp'] = $link['created']->getTimestamp(); if (startsWith($link['url'], '?')) { $link['url'] = index_url($_SERVER) . $link['url']; // make permalink URL absolute @@ -371,6 +370,7 @@ function showDailyRSS($conf, $loginManager) { $tpl->assign('links', $links); $tpl->assign('rssdate', escape($dayDate->format(DateTime::RSS))); $tpl->assign('hide_timestamps', $conf->get('privacy.hide_timestamps', false)); + $tpl->assign('index_url', $pageaddr); $html = $tpl->draw('dailyrss', true); echo $html . PHP_EOL; @@ -433,7 +433,6 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager, $loginManager) $conf->get('redirector.url'), $conf->get('redirector.encode_url') ); - $linksToDisplay[$key]['thumbnail'] = thumbnail($conf, $link['url']); $linksToDisplay[$key]['timestamp'] = $link['created']->getTimestamp(); } @@ -1812,7 +1811,11 @@ function install($conf, $sessionManager, $loginManager) { exit; } -if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=dailyrss')) { showDailyRSS($conf); exit; } +if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=dailyrss')) { + showDailyRSS($conf, $loginManager); + exit; +} + if (!isset($_SESSION['LINKS_PER_PAGE'])) { $_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20); } -- cgit v1.2.3 From b5c368b85885b82e7db7e509c8a7e2035d51e0a1 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Fri, 10 Aug 2018 17:09:51 +0200 Subject: Fix issue 'You are not authorized to add a link' with thumbnails enabled Do not try to alter the datastore by updating thumbnails if the user isn't logged in. Also, do not enable thumbnails if PHP GD extension is not installed/loaded --- index.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 925d47a5..4b86a3e2 100644 --- a/index.php +++ b/index.php @@ -1635,9 +1635,9 @@ function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) uasort($taglist, 'strcasecmp'); $link['taglist'] = $taglist; - // Thumbnails enabled, not a note, + // Logged in, thumbnails enabled, not a note, // and (never retrieved yet or no valid cache file) - if ($thumbnailsEnabled && $link['url'][0] != '?' + if ($loginManager->isLoggedIn() && $thumbnailsEnabled && $link['url'][0] != '?' && (! isset($link['thumbnail']) || ($link['thumbnail'] !== false && ! is_file($link['thumbnail']))) ) { $elem = $LINKSDB[$keys[$i]]; -- cgit v1.2.3 From 5d9bc40d7e48b8ac4829f9101f85b849d9199fa3 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Mon, 13 Aug 2018 12:21:10 +0200 Subject: Add CORS headers to REST API responses Fixes #1174 --- index.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'index.php') diff --git a/index.php b/index.php index 4b86a3e2..9c1e4999 100644 --- a/index.php +++ b/index.php @@ -1858,6 +1858,7 @@ $app->group('/api/v1', function() { })->add('\Shaarli\Api\ApiMiddleware'); $response = $app->run(true); + // Hack to make Slim and Shaarli router work together: // If a Slim route isn't found and NOT API call, we call renderPage(). if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) { @@ -1865,5 +1866,12 @@ if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v header('Content-Type: text/html; charset=utf-8'); renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager); } else { + $response = $response + ->withHeader('Access-Control-Allow-Origin', '*') + ->withHeader( + 'Access-Control-Allow-Headers', + 'X-Requested-With, Content-Type, Accept, Origin, Authorization' + ) + ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); $app->respond($response); } -- cgit v1.2.3 From b54faf4fd9b92ff7f950dd0f77a09dabf3018e9a Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Mon, 13 Aug 2018 13:18:31 +0200 Subject: History: fix a bug on bulk deletion where only one deletion were registred --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index 4b86a3e2..8f6ee50a 100644 --- a/index.php +++ b/index.php @@ -1236,10 +1236,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $id = (int) escape($id); $link = $LINKSDB[$id]; $pluginManager->executeHooks('delete_link', $link); + $history->deleteLink($link); unset($LINKSDB[$id]); } $LINKSDB->save($conf->get('resource.page_cache')); // save to disk - $history->deleteLink($link); // If we are called from the bookmarklet, we must close the popup: if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo ''; exit; } -- cgit v1.2.3 From 4fa9a3c5d83a1024678596a586afe5df14a345b5 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Thu, 16 Aug 2018 17:25:47 +0200 Subject: Fix a JS bug preventing AJAX tag deletion to work Fixes #1214 --- index.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index 8f6ee50a..eb717536 100644 --- a/index.php +++ b/index.php @@ -1084,7 +1084,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, die(t('Wrong token.')); } - $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag'])); + $toTag = isset($_POST['totag']) ? escape($_POST['totag']) : null; + $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), $toTag); $LINKSDB->save($conf->get('resource.page_cache')); foreach ($alteredLinks as $link) { $history->updateLink($link); -- cgit v1.2.3 From 4154c25b5f2f8044a37d7f84e04173bb54f2375b Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Tue, 22 May 2018 22:44:38 +0200 Subject: Add a button to set links as sticky Meaning that they always appear on top of all links Fixes #186 --- index.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'index.php') diff --git a/index.php b/index.php index 0ef33633..b702bd13 100644 --- a/index.php +++ b/index.php @@ -1353,6 +1353,25 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, exit; } + if ($targetPage == Router::$PAGE_PINLINK) { + if (! isset($_GET['id']) || empty($LINKSDB[$_GET['id']])) { + // FIXME! Use a proper error system. + $msg = t('Invalid link ID provided'); + echo ''; + exit; + } + if (! $sessionManager->checkToken($_GET['token'])) { + die('Wrong token.'); + } + + $link = $LINKSDB[$_GET['id']]; + $link['sticky'] = ! $link['sticky']; + $LINKSDB[(int) $_GET['id']] = $link; + $LINKSDB->save($conf->get('resource.page_cache')); + header('Location: '.index_url($_SERVER)); + exit; + } + if ($targetPage == Router::$PAGE_EXPORT) { // Export links as a Netscape Bookmarks file -- cgit v1.2.3 From f6380409ac0b6ae1368d89ca749c139183e7b02e Mon Sep 17 00:00:00 2001 From: Bish Erbas <42714627+bisherbas@users.noreply.github.com> Date: Wed, 31 Oct 2018 09:09:35 -0400 Subject: Update session start condition Recommended method for PHP >= 5.4.0 as seen here https://stackoverflow.com/questions/6249707/check-if-php-session-has-already-started Per https://shaarli.readthedocs.io/en/master/Server-configuration/ Shaarli supports PHP >= 5.6 --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index b702bd13..82285dd9 100644 --- a/index.php +++ b/index.php @@ -111,7 +111,7 @@ ini_set('session.use_trans_sid', false); session_name('shaarli'); // Start session if needed (Some server auto-start sessions). -if (session_id() == '') { +if (session_status() == PHP_SESSION_NONE) { session_start(); } -- cgit v1.2.3 From 93bf0918fa7bb1efb39d1540d7e46e52767270df Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sat, 13 Oct 2018 00:31:11 +0200 Subject: lint: apply phpcbf to index.php Signed-off-by: VirtualTam --- index.php | 231 +++++++++++++++++++++++++++++++------------------------------- 1 file changed, 115 insertions(+), 116 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 82285dd9..2e350fcf 100644 --- a/index.php +++ b/index.php @@ -28,7 +28,7 @@ if (date_default_timezone_get() == '') { define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0))); // High execution time in case of problematic imports/exports. -ini_set('max_input_time','60'); +ini_set('max_input_time', '60'); // Try to set max upload file size and read ini_set('memory_limit', '128M'); @@ -85,7 +85,7 @@ use \Shaarli\Thumbnailer; // Ensure the PHP version is supported try { ApplicationUtils::checkPHPVersion('5.5', PHP_VERSION); -} catch(Exception $exc) { +} catch (Exception $exc) { header('Content-Type: text/plain; charset=utf-8'); echo $exc->getMessage(); exit; @@ -223,7 +223,6 @@ if (isset($_POST['login'])) { $expirationTime, WEB_PATH ); - } else { // Standard session expiration (=when browser closes) $expirationTime = 0; @@ -257,7 +256,8 @@ if (isset($_POST['login'])) { exit; } } - header('Location: ?'); exit; + header('Location: ?'); + exit; } else { $loginManager->handleFailedLogin($_SERVER); $redir = '&username='. urlencode($_POST['login']); @@ -278,7 +278,9 @@ if (isset($_POST['login'])) { // ------------------------------------------------------------------------------------------ // Token management for XSRF protection // Token should be used in any form which acts on data (create,update,delete,import...). -if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are attached to the session. +if (!isset($_SESSION['tokens'])) { + $_SESSION['tokens']=array(); // Token are attached to the session. +} /** * Daily RSS feed: 1 RSS entry per day giving all the links on that day. @@ -288,13 +290,14 @@ if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are atta * @param ConfigManager $conf Configuration Manager instance * @param LoginManager $loginManager LoginManager instance */ -function showDailyRSS($conf, $loginManager) { +function showDailyRSS($conf, $loginManager) +{ // Cache system $query = $_SERVER['QUERY_STRING']; $cache = new CachedPage( $conf->get('config.PAGE_CACHE'), page_url($_SERVER), - startsWith($query,'do=dailyrss') && !$loginManager->isLoggedIn() + startsWith($query, 'do=dailyrss') && !$loginManager->isLoggedIn() ); $cached = $cache->cachedVersion(); if (!empty($cached)) { @@ -395,7 +398,7 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager, $loginManager) { $day = date('Ymd', strtotime('-1 day')); // Yesterday, in format YYYYMMDD. if (isset($_GET['day'])) { - $day = $_GET['day']; + $day = $_GET['day']; } $days = $LINKSDB->days(); @@ -413,7 +416,7 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager, $loginManager) $previousday=$days[$i - 1]; } if ($i < count($days) - 1) { - $nextday = $days[$i + 1]; + $nextday = $days[$i + 1]; } } try { @@ -424,8 +427,8 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager, $loginManager) } // We pre-format some fields for proper output. - foreach($linksToDisplay as $key => $link) { - $taglist = explode(' ',$link['tags']); + foreach ($linksToDisplay as $key => $link) { + $taglist = explode(' ', $link['tags']); uasort($taglist, 'strcasecmp'); $linksToDisplay[$key]['taglist']=$taglist; $linksToDisplay[$key]['formatedDescription'] = format_description( @@ -457,14 +460,14 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager, $loginManager) */ $columns = array(array(), array(), array()); // Entries to display, for each column. $fill = array(0, 0, 0); // Rough estimate of columns fill. - foreach($data['linksToDisplay'] as $key => $link) { + foreach ($data['linksToDisplay'] as $key => $link) { // Roughly estimate length of entry (by counting characters) // Title: 30 chars = 1 line. 1 line is 30 pixels height. // Description: 836 characters gives roughly 342 pixel height. // This is not perfect, but it's usually OK. $length = strlen($link['title']) + (342 * strlen($link['description'])) / 836; if ($link['thumbnail']) { - $length += 100; // 1 thumbnails roughly takes 100 pixels height. + $length += 100; // 1 thumbnails roughly takes 100 pixels height. } // Then put in column which is the less filled: $smallest = min($fill); // find smallest value in array. @@ -492,8 +495,9 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager, $loginManager) * @param ConfigManager $conf Configuration Manager instance. * @param PluginManager $pluginManager Plugin Manager instance. */ -function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) { - buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager, $loginManager); +function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) +{ + buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager); $PAGE->renderPage('linklist'); } @@ -524,8 +528,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $updater->getDoneUpdates() ); } - } - catch(Exception $e) { + } catch (Exception $e) { die($e->getMessage()); } @@ -538,8 +541,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : ''; $targetPage = Router::findPage($query, $_GET, $loginManager->isLoggedIn()); - if ( - // if the user isn't logged in + if (// if the user isn't logged in !$loginManager->isLoggedIn() && // and Shaarli doesn't have public content... $conf->get('privacy.hide_public_links') && @@ -563,9 +565,11 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, 'footer', ); - foreach($common_hooks as $name) { + foreach ($common_hooks as $name) { $plugin_data = array(); - $pluginManager->executeHooks('render_' . $name, $plugin_data, + $pluginManager->executeHooks( + 'render_' . $name, + $plugin_data, array( 'target' => $targetPage, 'loggedin' => $loginManager->isLoggedIn() @@ -575,13 +579,15 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- Display login form. - if ($targetPage == Router::$PAGE_LOGIN) - { - if ($conf->get('security.open_shaarli')) { header('Location: ?'); exit; } // No need to login for open Shaarli + if ($targetPage == Router::$PAGE_LOGIN) { + if ($conf->get('security.open_shaarli')) { + header('Location: ?'); + exit; + } // No need to login for open Shaarli if (isset($_GET['username'])) { $PAGE->assign('username', escape($_GET['username'])); } - $PAGE->assign('returnurl',(isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']):'')); + $PAGE->assign('returnurl', (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']):'')); // add default state of the 'remember me' checkbox $PAGE->assign('remember_user_default', $conf->get('privacy.remember_user_default')); $PAGE->assign('user_can_login', $loginManager->canLogin($_SERVER)); @@ -590,8 +596,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, exit; } // -------- User wants to logout. - if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout')) - { + if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout')) { invalidateCaches($conf->get('resource.page_cache')); $sessionManager->logout(); setcookie(LoginManager::$STAY_SIGNED_IN_COOKIE, 'false', 0, WEB_PATH); @@ -600,8 +605,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- Picture wall - if ($targetPage == Router::$PAGE_PICWALL) - { + if ($targetPage == Router::$PAGE_PICWALL) { $PAGE->assign('pagetitle', t('Picture wall') .' - '. $conf->get('general.title', 'Shaarli')); if (! $conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) === Thumbnailer::MODE_NONE) { $PAGE->assign('linksToDisplay', []); @@ -615,8 +619,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // Get only links which have a thumbnail. // Note: we do not retrieve thumbnails here, the request is too heavy. - foreach($links as $key => $link) - { + foreach ($links as $key => $link) { if (isset($link['thumbnail']) && $link['thumbnail'] !== false) { $linksToDisplay[] = $link; // Add to array. } @@ -637,8 +640,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- Tag cloud - if ($targetPage == Router::$PAGE_TAGCLOUD) - { + if ($targetPage == Router::$PAGE_TAGCLOUD) { $visibility = ! empty($_SESSION['visibility']) ? $_SESSION['visibility'] : ''; $filteringTags = isset($_GET['searchtags']) ? explode(' ', $_GET['searchtags']) : []; $tags = $LINKSDB->linksCountPerTag($filteringTags, $visibility); @@ -653,7 +655,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, alphabetical_sort($tags, false, true); $tagList = array(); - foreach($tags as $key => $value) { + foreach ($tags as $key => $value) { if (in_array($key, $filteringTags)) { continue; } @@ -685,8 +687,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- Tag list - if ($targetPage == Router::$PAGE_TAGLIST) - { + if ($targetPage == Router::$PAGE_TAGLIST) { $visibility = ! empty($_SESSION['visibility']) ? $_SESSION['visibility'] : ''; $filteringTags = isset($_GET['searchtags']) ? explode(' ', $_GET['searchtags']) : []; $tags = $LINKSDB->linksCountPerTag($filteringTags, $visibility); @@ -732,7 +733,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $cache = new CachedPage( $conf->get('resource.page_cache'), page_url($_SERVER), - startsWith($query,'do='. $targetPage) && !$loginManager->isLoggedIn() + startsWith($query, 'do='. $targetPage) && !$loginManager->isLoggedIn() ); $cached = $cache->cachedVersion(); if (!empty($cached)) { @@ -770,11 +771,14 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...) - if (isset($_GET['addtag'])) - { + if (isset($_GET['addtag'])) { // Get previous URL (http_referer) and add the tag to the searchtags parameters in query. - if (empty($_SERVER['HTTP_REFERER'])) { header('Location: ?searchtags='.urlencode($_GET['addtag'])); exit; } // In case browser does not send HTTP_REFERER - parse_str(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_QUERY), $params); + if (empty($_SERVER['HTTP_REFERER'])) { + // In case browser does not send HTTP_REFERER + header('Location: ?searchtags='.urlencode($_GET['addtag'])); + exit; + } + parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $params); // Prevent redirection loop if (isset($params['addtag'])) { @@ -798,8 +802,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // Append the tag if necessary if (empty($params['searchtags'])) { $params['searchtags'] = trim($_GET['addtag']); - } - elseif ($addtag) { + } elseif ($addtag) { $params['searchtags'] = trim($params['searchtags']).' '.trim($_GET['addtag']); } @@ -828,7 +831,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $tags = explode(' ', $params['searchtags']); // Remove value from array $tags. $tags = array_diff($tags, array($_GET['removetag'])); - $params['searchtags'] = implode(' ',$tags); + $params['searchtags'] = implode(' ', $tags); if (empty($params['searchtags'])) { unset($params['searchtags']); @@ -897,12 +900,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- Handle other actions allowed for non-logged in users: - if (!$loginManager->isLoggedIn()) - { + if (!$loginManager->isLoggedIn()) { // User tries to post new link but is not logged in: // Show login screen, then redirect to ?post=... - if (isset($_GET['post'])) - { + if (isset($_GET['post'])) { header( // Redirect to login page, then back to post link. 'Location: ?do=login&post='.urlencode($_GET['post']). (!empty($_GET['title'])?'&title='.urlencode($_GET['title']):''). @@ -925,8 +926,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, // -------- All other functions are reserved for the registered user: // -------- Display the Tools menu if requested (import/export/bookmarklet...) - if ($targetPage == Router::$PAGE_TOOLS) - { + if ($targetPage == Router::$PAGE_TOOLS) { $data = [ 'pageabsaddr' => index_url($_SERVER), 'sslenabled' => is_https($_SERVER), @@ -943,15 +943,15 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- User wants to change his/her password. - if ($targetPage == Router::$PAGE_CHANGEPASSWORD) - { + if ($targetPage == Router::$PAGE_CHANGEPASSWORD) { if ($conf->get('security.open_shaarli')) { die(t('You are not supposed to change a password on an Open Shaarli.')); } - if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) - { - if (!$sessionManager->checkToken($_POST['token'])) die(t('Wrong token.')); // Go away! + if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) { + if (!$sessionManager->checkToken($_POST['token'])) { + die(t('Wrong token.')); // Go away! + } // Make sure old password is correct. $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); @@ -965,8 +965,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt'))); try { $conf->write($loginManager->isLoggedIn()); - } - catch(Exception $e) { + } catch (Exception $e) { error_log( 'ERROR while writing config file after changing password.' . PHP_EOL . $e->getMessage() @@ -978,9 +977,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } echo ''; exit; - } - else // show the change password form. - { + } else { + // show the change password form. $PAGE->assign('pagetitle', t('Change password') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('changepassword'); exit; @@ -988,10 +986,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- User wants to change configuration - if ($targetPage == Router::$PAGE_CONFIGURE) - { - if (!empty($_POST['title']) ) - { + if ($targetPage == Router::$PAGE_CONFIGURE) { + if (!empty($_POST['title'])) { if (!$sessionManager->checkToken($_POST['token'])) { die(t('Wrong token.')); // Go away! } @@ -1028,8 +1024,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $conf->write($loginManager->isLoggedIn()); $history->updateSettings(); invalidateCaches($conf->get('resource.page_cache')); - } - catch(Exception $e) { + } catch (Exception $e) { error_log( 'ERROR while writing config file after configuration update.' . PHP_EOL . $e->getMessage() @@ -1041,9 +1036,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } echo ''; exit; - } - else // Show the configuration form. - { + } else { + // Show the configuration form. $PAGE->assign('title', $conf->get('general.title')); $PAGE->assign('theme', $conf->get('resource.theme')); $PAGE->assign('theme_available', ThemeUtils::getThemes($conf->get('resource.raintpl_tpl'))); @@ -1071,8 +1065,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- User wants to rename a tag or delete it - if ($targetPage == Router::$PAGE_CHANGETAG) - { + if ($targetPage == Router::$PAGE_CHANGETAG) { if (empty($_POST['fromtag']) || (empty($_POST['totag']) && isset($_POST['renametag']))) { $PAGE->assign('fromtag', ! empty($_GET['fromtag']) ? escape($_GET['fromtag']) : ''); $PAGE->assign('pagetitle', t('Manage tags') .' - '. $conf->get('general.title', 'Shaarli')); @@ -1101,16 +1094,14 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- User wants to add a link without using the bookmarklet: Show form. - if ($targetPage == Router::$PAGE_ADDLINK) - { + if ($targetPage == Router::$PAGE_ADDLINK) { $PAGE->assign('pagetitle', t('Shaare a new link') .' - '. $conf->get('general.title', 'Shaarli')); $PAGE->renderPage('addlink'); exit; } // -------- User clicked the "Save" button when editing a link: Save link to database. - if (isset($_POST['save_edit'])) - { + if (isset($_POST['save_edit'])) { // Go away! if (! $sessionManager->checkToken($_POST['token'])) { die(t('Wrong token.')); @@ -1197,14 +1188,16 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- User clicked the "Cancel" button when editing a link. - if (isset($_POST['cancel_edit'])) - { + if (isset($_POST['cancel_edit'])) { $id = isset($_POST['lf_id']) ? (int) escape($_POST['lf_id']) : false; if (! isset($LINKSDB[$id])) { header('Location: ?'); } // If we are called from the bookmarklet, we must close the popup: - if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo ''; exit; } + if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { + echo ''; + exit; + } $link = $LINKSDB[$id]; $returnurl = ( isset($_POST['returnurl']) ? $_POST['returnurl'] : '?' ); // Scroll to the link which has been edited. @@ -1215,8 +1208,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- User clicked the "Delete" button when editing a link: Delete link from database. - if ($targetPage == Router::$PAGE_DELETELINK) - { + if ($targetPage == Router::$PAGE_DELETELINK) { if (! $sessionManager->checkToken($_GET['token'])) { die(t('Wrong token.')); } @@ -1230,7 +1222,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $ids = [$ids]; } // assert at least one id is given - if(!count($ids)){ + if (!count($ids)) { die('no id provided'); } foreach ($ids as $id) { @@ -1243,15 +1235,18 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $LINKSDB->save($conf->get('resource.page_cache')); // save to disk // If we are called from the bookmarklet, we must close the popup: - if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo ''; exit; } + if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { + echo ''; + exit; + } $location = '?'; if (isset($_SERVER['HTTP_REFERER'])) { // Don't redirect to where we were previously if it was a permalink or an edit_link, because it would 404. $location = generateLocation( - $_SERVER['HTTP_REFERER'], - $_SERVER['HTTP_HOST'], - ['delete_link', 'edit_link', $link['shorturl']] + $_SERVER['HTTP_REFERER'], + $_SERVER['HTTP_HOST'], + ['delete_link', 'edit_link', $link['shorturl']] ); } @@ -1260,11 +1255,13 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // -------- User clicked the "EDIT" button on a link: Display link edit form. - if (isset($_GET['edit_link'])) - { + if (isset($_GET['edit_link'])) { $id = (int) escape($_GET['edit_link']); $link = $LINKSDB[$id]; // Read database - if (!$link) { header('Location: ?'); exit; } // Link not found in database. + if (!$link) { + header('Location: ?'); + exit; + } // Link not found in database. $link['linkdate'] = $link['created']->format(LinkDB::LINK_DATE_FORMAT); $data = array( 'link' => $link, @@ -1290,8 +1287,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $link_is_new = false; // Check if URL is not already in database (in this case, we will edit the existing link) $link = $LINKSDB->getLinkFromUrl($url); - if (! $link) - { + if (! $link) { $link_is_new = true; $linkdate = strval(date(LinkDB::LINK_DATE_FORMAT)); // Get title if it was provided in URL (by the bookmarklet). @@ -1408,7 +1404,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, header('Content-Type: text/html; charset=utf-8'); header( 'Content-disposition: attachment; filename=bookmarks_' - .$selection.'_'.$now->format(LinkDB::LINK_DATE_FORMAT).'.html' + .$selection.'_'.$now->format(LinkDB::LINK_DATE_FORMAT).'.html' ); $PAGE->assign('date', $now->format(DateTime::RFC822)); $PAGE->assign('eol', PHP_EOL); @@ -1476,14 +1472,20 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $pluginMeta = $pluginManager->getPluginsMeta(); // Split plugins into 2 arrays: ordered enabled plugins and disabled. - $enabledPlugins = array_filter($pluginMeta, function($v) { return $v['order'] !== false; }); + $enabledPlugins = array_filter($pluginMeta, function ($v) { + return $v['order'] !== false; + }); // Load parameters. $enabledPlugins = load_plugin_parameter_values($enabledPlugins, $conf->get('plugins', array())); uasort( $enabledPlugins, - function($a, $b) { return $a['order'] - $b['order']; } + function ($a, $b) { + return $a['order'] - $b['order']; + } ); - $disabledPlugins = array_filter($pluginMeta, function($v) { return $v['order'] === false; }); + $disabledPlugins = array_filter($pluginMeta, function ($v) { + return $v['order'] === false; + }); $PAGE->assign('enabledPlugins', $enabledPlugins); $PAGE->assign('disabledPlugins', $disabledPlugins); @@ -1500,14 +1502,12 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, foreach ($_POST as $param => $value) { $conf->set('plugins.'. $param, escape($value)); } - } - else { + } else { $conf->set('general.enabled_plugins', save_plugin_config($_POST)); } $conf->write($loginManager->isLoggedIn()); $history->updateSettings(); - } - catch (Exception $e) { + } catch (Exception $e) { error_log( 'ERROR while saving plugin configuration:.' . PHP_EOL . $e->getMessage() @@ -1635,8 +1635,7 @@ function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) } $linkDisp = array(); - while ($i<$end && $iSessions do not seem to work correctly on your server.
'. @@ -1764,19 +1765,18 @@ function install($conf, $sessionManager, $loginManager) { echo '
'. t('Click to try again.') .''; die; } - if (!isset($_SESSION['session_tested'])) - { // Step 1 : Try to store data in session and reload page. + if (!isset($_SESSION['session_tested'])) { + // Step 1 : Try to store data in session and reload page. $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session. header('Location: '.index_url($_SERVER).'?test_session'); // Redirect to check stored data. } - if (isset($_GET['test_session'])) - { // Step 3: Sessions are OK. Remove test parameter from URL. + if (isset($_GET['test_session'])) { + // Step 3: Sessions are OK. Remove test parameter from URL. header('Location: '.index_url($_SERVER)); } - if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) - { + if (!empty($_POST['setlogin']) && !empty($_POST['setpassword'])) { $tz = 'UTC'; if (!empty($_POST['continent']) && !empty($_POST['city']) && isTimeZoneValid($_POST['continent'], $_POST['city']) @@ -1807,12 +1807,11 @@ function install($conf, $sessionManager, $loginManager) { try { // Everything is ok, let's create config file. $conf->write($loginManager->isLoggedIn()); - } - catch(Exception $e) { + } catch (Exception $e) { error_log( - 'ERROR while writing config file after installation.' . PHP_EOL . + 'ERROR while writing config file after installation.' . PHP_EOL . $e->getMessage() - ); + ); // TODO: do not handle exceptions/errors in JS. echo ''; @@ -1842,7 +1841,7 @@ if (!isset($_SESSION['LINKS_PER_PAGE'])) { try { $history = new History($conf->get('resource.history')); -} catch(Exception $e) { +} catch (Exception $e) { die($e->getMessage()); } @@ -1861,7 +1860,7 @@ $container['history'] = $history; $app = new \Slim\App($container); // REST API routes -$app->group('/api/v1', function() { +$app->group('/api/v1', function () { $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo'); $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks'); $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink'); -- cgit v1.2.3 From 9d9f6d75b94aab51067bdfbe50b58b66d1194f6d Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sat, 13 Oct 2018 01:40:04 +0200 Subject: lint: fix line-length warnings Signed-off-by: VirtualTam --- index.php | 49 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 38 insertions(+), 11 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 2e350fcf..acfcc660 100644 --- a/index.php +++ b/index.php @@ -806,7 +806,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $params['searchtags'] = trim($params['searchtags']).' '.trim($_GET['addtag']); } - unset($params['page']); // We also remove page (keeping the same page has no sense, since the results are different) + // We also remove page (keeping the same page has no sense, since the + // results are different) + unset($params['page']); + header('Location: ?'.http_build_query($params)); exit; } @@ -837,7 +840,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, unset($params['searchtags']); } - unset($params['page']); // We also remove page (keeping the same page has no sense, since the results are different) + // We also remove page (keeping the same page has no sense, since + // the results are different) + unset($params['page']); } header('Location: ?'.http_build_query($params)); exit; @@ -954,15 +959,26 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, } // Make sure old password is correct. - $oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt')); - if ($oldhash!= $conf->get('credentials.hash')) { - echo ''; + $oldhash = sha1( + $_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt') + ); + if ($oldhash != $conf->get('credentials.hash')) { + echo ''; exit; } // Save new password // Salt renders rainbow-tables attacks useless. $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); - $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt'))); + $conf->set( + 'credentials.hash', + sha1( + $_POST['setpassword'] + . $conf->get('credentials.login') + . $conf->get('credentials.salt') + ) + ); try { $conf->write($loginManager->isLoggedIn()); } catch (Exception $e) { @@ -1015,7 +1031,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, && $thumbnailsMode !== $conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) ) { $_SESSION['warnings'][] = t( - 'You have enabled or changed thumbnails mode. Please synchronize them.' + 'You have enabled or changed thumbnails mode. ' + .'Please synchronize them.' ); } $conf->set('thumbnails.mode', $thumbnailsMode); @@ -1296,7 +1313,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, $description = empty($_GET['description']) ? '' : escape($_GET['description']); $tags = empty($_GET['tags']) ? '' : escape($_GET['tags']); $private = !empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0; - // If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.) + + // If this is an HTTP(S) link, we try go get the page to extract + // the title (otherwise we will to straight to the edit form.) if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) { // Short timeout to keep the application responsive // The callback will fill $charset and $title with data from the downloaded page. @@ -1514,7 +1533,11 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, ); // TODO: do not handle exceptions/errors in JS. - echo ''; + echo ''; exit; } header('Location: ?do='. Router::$PAGE_PLUGINSADMIN); @@ -1749,7 +1772,8 @@ function install($conf, $sessionManager, $loginManager) // This part makes sure sessions works correctly. // (Because on some hosts, session.save_path may not be set correctly, // or we may not have write access to it.) - if (isset($_GET['test_session']) && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) { + if (isset($_GET['test_session']) + && ( !isset($_SESSION) || !isset($_SESSION['session_tested']) || $_SESSION['session_tested']!='Working')) { // Step 2: Check if data in session is correct. $msg = t( '
Sessions do not seem to work correctly on your server.
'.
@@ -1817,7 +1841,10 @@ function install($conf, $sessionManager, $loginManager)
             echo '';
             exit;
         }
-        echo '';
+        echo '';
         exit;
     }
 
-- 
cgit v1.2.3


From 1cc5eaf9dee0e71aefbce1ff0f28c86ff320c053 Mon Sep 17 00:00:00 2001
From: VirtualTam 
Date: Mon, 15 Apr 2019 23:57:08 +0200
Subject: backport: Fix a warning if links sticky status isn't set

- initiate its status to false when the link is created
- if not defined, initiate its status to false (can happen if the updater hasn't run)

This is a backport of https://github.com/shaarli/Shaarli/pull/1270

Original author information:

commit b790f900c937d0d8f6eccc15d2b4c26023f3d276
Author: ArthurHoaro 
Date:   Sat Feb 9 14:04:16 2019 +0100

Signed-off-by: VirtualTam 
---
 index.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'index.php')

diff --git a/index.php b/index.php
index acfcc660..4deed197 100644
--- a/index.php
+++ b/index.php
@@ -1179,6 +1179,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
             $link['thumbnail'] = $thumbnailer->get($url);
         }
 
+        $link['sticky'] = isset($link['sticky']) ? $link['sticky'] : false;
+
         $pluginManager->executeHooks('save_link', $link);
 
         $LINKSDB[$id] = $link;
-- 
cgit v1.2.3