authorNicolas Lœuillet <nicolas@loeuillet.org>2014-07-25 07:27:21 +0200
committerNicolas Lœuillet <nicolas@loeuillet.org>2014-07-25 07:27:21 +0200
commitfa9a7bbb3c61116e5db76c9f25ef2340fef971d7 (patch)
treecd733e8548290158d578da185bd541e7fe4b1a31 /index.php
parentebd6bf6007e0fad4c3e11dac0e79f687e1d195a2 (diff)
parent830612f555d8bc72669fe9bc0686680001af0e52 (diff)
Merge branch 'fix/securityAllowedActions' into dev
Diffstat (limited to 'index.php')
-rwxr-xr-xindex.php136
1 files changed, 7 insertions, 129 deletions
diff --git a/index.php b/index.php
index cce10b50..f191d7e7 100755
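--- a/index.php
+++ b/index.php
@@ -5,140 +5,18 @@
  * @category wallabag
  * @author Nicolas Lœuillet <nicolas@loeuillet.org>
  * @copyright 2013
- * @license http://www.wtfpl.net/ see COPYING file
+ * @license http://opensource.org/licenses/MIT see COPYING file
  */
 
-define ('POCHE', '1.7.1');
+define ('POCHE', '1.8.0');
 require 'check_essentials.php';
 require_once 'inc/poche/global.inc.php';
 require 'check_setup.php';
 
-# Set error reporting level
-if (defined('ERROR_REPORTING')) {
- error_reporting(ERROR_REPORTING);
-}
-
-# Start session
-Session::$sessionName = 'poche';
+// Start session
+Session::$sessionName = 'wallabag';
 Session::init();
 
-# Start Poche
-$poche = new Poche();
-$notInstalledMessage = $poche -> getNotInstalledMessage();
-
-# Parse GET & REFERER vars
-$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
-$view = Tools::checkVar('view', 'home');
-$action = Tools::checkVar('action');
-$id = Tools::checkVar('id');
-$_SESSION['sort'] = Tools::checkVar('sort', 'id');
-$url = new Url((isset ($_GET['url'])) ? $_GET['url'] : '');
-
-# vars to _always_ send to templates
-$tpl_vars = array(
- 'referer' => $referer,
- 'view' => $view,
- 'poche_url' => Tools::getPocheUrl(),
- 'title' => _('wallabag, a read it later open source system'),
- 'token' => Session::getToken(),
- 'theme' => $poche->getTheme()
-);
-
-if (! empty($notInstalledMessage)) {
- if (! Poche::$canRenderTemplates || ! Poche::$configFileAvailable) {
- # We cannot use Twig to display the error message
- echo '<h1>Errors</h1><ol>';
- foreach ($notInstalledMessage as $message) {
- echo '<li>' . $message . '</li>';
- }
- echo '</ol>';
- die();
- } else {
- # Twig is installed, put the error message in the template
- $tpl_file = Tools::getTplFile('error');
- $tpl_vars = array_merge($tpl_vars, array('msg' => $poche->getNotInstalledMessage()));
- echo $poche->tpl->render($tpl_file, $tpl_vars);
- exit;
- }
-}
-
-# poche actions
-if (isset($_GET['login'])) {
- # hello you
- $poche->login($referer);
-} elseif (isset($_GET['logout'])) {
- # see you soon !
- $poche->logout();
-} elseif (isset($_GET['config'])) {
- # Update password
- $poche->updatePassword();
-} elseif (isset($_GET['newuser'])) {
- $poche->createNewUser();
-} elseif (isset($_GET['deluser'])) {
- $poche->deleteUser();
-} elseif (isset($_GET['epub'])) {
- $poche->createEpub();
-} elseif (isset($_GET['import'])) {
- $import = $poche->import();
- $tpl_vars = array_merge($tpl_vars, $import);
-} elseif (isset($_GET['download'])) {
- Tools::download_db();
-} elseif (isset($_GET['empty-cache'])) {
- $poche->emptyCache();
-} elseif (isset($_GET['export'])) {
- $poche->export();
-} elseif (isset($_GET['updatetheme'])) {
- $poche->updateTheme();
-} elseif (isset($_GET['updatelanguage'])) {
- $poche->updateLanguage();
-} elseif (isset($_GET['uploadfile'])) {
- $poche->uploadFile();
-} elseif (isset($_GET['feed'])) {
- if (isset($_GET['action']) && $_GET['action'] == 'generate') {
- $poche->generateToken();
- }
- else {
- $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
- $poche->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
- }
-}
-
-elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
- $plain_url = new Url(base64_encode($_GET['plainurl']));
- $poche->action('add', $plain_url);
-}
-
-if (Session::isLogged()) {
- $poche->action($action, $url, $id);
- $tpl_file = Tools::getTplFile($view);
- $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
-} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
- if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
- $poche->login($referer);
- } else {
- $poche->messages->add('e', _('login failed: user doesn\'t exist'));
- Tools::logm('user doesn\'t exist');
- $tpl_file = Tools::getTplFile('login');
- $tpl_vars['http_auth'] = 1;
- }
-} elseif(isset($_SERVER['REMOTE_USER'])) {
- if($poche->store->userExists($_SERVER['REMOTE_USER'])) {
- $poche->login($referer);
- } else {
- $poche->messages->add('e', _('login failed: user doesn\'t exist'));
- Tools::logm('user doesn\'t exist');
- $tpl_file = Tools::getTplFile('login');
- $tpl_vars['http_auth'] = 1;
- }
-} else {
- $tpl_file = Tools::getTplFile('login');
- $tpl_vars['http_auth'] = 0;
- Session::logout();
-}
-
-# because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
-$messages = $poche->messages->display('all', FALSE);
-$tpl_vars = array_merge($tpl_vars, array('messages' => $messages));
-
-# display poche
-echo $poche->tpl->render($tpl_file, $tpl_vars);
+// Let's rock !
+$wallabag = new Poche();
+$wallabag->run();
\ No newline at end of file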
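Review bot: The `ERROR_REPORTING` guard removed at old lines 16–19 has no replacement in the new index.php. Unless `inc/poche/global.inc.php` or `Poche::run()` (neither is visible in this diff) now applies it, the configured level is ignored and PHP's ini default decides whether notices and file paths reach the response. If it was not moved, keep `if (defined('ERROR_REPORTING')) { error_reporting(ERROR_REPORTING); }` ahead of `Session::init();`. Changing `Session::$sessionName` from 'poche' to 'wallabag' will presumably invalidate every existing login on upgrade, so it is worth a line in the release notes. The file now ends without a trailing newline after `$wallabag->run();`, which is worth restoring.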