author | Nicolas Lœuillet <nicolas@loeuillet.org> | 2014-07-25 07:27:21 +0200 |
---|---|---|
committer | Nicolas Lœuillet <nicolas@loeuillet.org> | 2014-07-25 07:27:21 +0200 |
commit | fa9a7bbb3c61116e5db76c9f25ef2340fef971d7 (patch) | |
tree | cd733e8548290158d578da185bd541e7fe4b1a31 /index.php | |
parent | ebd6bf6007e0fad4c3e11dac0e79f687e1d195a2 (diff) | |
parent | 830612f555d8bc72669fe9bc0686680001af0e52 (diff) | |
Merge branch 'fix/securityAllowedActions' into dev
Diffstat (limited to 'index.php')
-rwxr-xr-x | index.php | 136 |
1 files changed, 7 insertions, 129 deletions
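--- a/index.php
+++ b/index.php
@@ -5,140 +5,18 @@
 * @category wallabag
 * @author Nicolas Lœuillet <nicolas@loeuillet.org>
 * @copyright 2013
-* @license http://www.wtfpl.net/ see COPYING file
+* @license http://opensource.org/licenses/MIT see COPYING file
 */
 
-define ('POCHE', '1.7.1');
+define ('POCHE', '1.8.0');
 require 'check_essentials.php';
 require_once 'inc/poche/global.inc.php';
 require 'check_setup.php';
 
-# Set error reporting level
-if (defined('ERROR_REPORTING')) {
-error_reporting(ERROR_REPORTING);
-}
-
-# Start session
-Session::$sessionName = 'poche';
+// Start session
+Session::$sessionName = 'wallabag';
 Session::init();
 
-# Start Poche
-$poche = new Poche();
-$notInstalledMessage = $poche -> getNotInstalledMessage();
+// Let's rock !
+$wallabag = new Poche();
+$wallabag->run();
\ No newline at end of file
-
-# Parse GET & REFERER vars
-$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
-$view = Tools::checkVar('view', 'home');
-$action = Tools::checkVar('action');
-$id = Tools::checkVar('id');
-$_SESSION['sort'] = Tools::checkVar('sort', 'id');
-$url = new Url((isset ($_GET['url'])) ? $_GET['url'] : '');
-
-# vars to _always_ send to templates
-$tpl_vars = array(
-'referer' => $referer,
-'view' => $view,
-'poche_url' => Tools::getPocheUrl(),
-'title' => _('wallabag, a read it later open source system'),
-'token' => Session::getToken(),
-'theme' => $poche->getTheme()
-);
-
-if (! empty($notInstalledMessage)) {
-if (! Poche::$canRenderTemplates || ! Poche::$configFileAvailable) {
-# We cannot use Twig to display the error message
-echo '<h1>Errors</h1><ol>';
-foreach ($notInstalledMessage as $message) {
-echo '<li>' . $message . '</li>';
-}
-echo '</ol>';
-die();
-} else {
-# Twig is installed, put the error message in the template
-$tpl_file = Tools::getTplFile('error');
-$tpl_vars = array_merge($tpl_vars, array('msg' => $poche->getNotInstalledMessage()));
-echo $poche->tpl->render($tpl_file, $tpl_vars);
-exit;
-}
-}
-
-# poche actions
-if (isset($_GET['login'])) {
-# hello you
-$poche->login($referer);
-} elseif (isset($_GET['logout'])) {
-# see you soon !
-$poche->logout();
-} elseif (isset($_GET['config'])) {
-# Update password
-$poche->updatePassword();
-} elseif (isset($_GET['newuser'])) {
-$poche->createNewUser();
-} elseif (isset($_GET['deluser'])) {
-$poche->deleteUser();
-} elseif (isset($_GET['epub'])) {
-$poche->createEpub();
-} elseif (isset($_GET['import'])) {
-$import = $poche->import();
-$tpl_vars = array_merge($tpl_vars, $import);
-} elseif (isset($_GET['download'])) {
-Tools::download_db();
-} elseif (isset($_GET['empty-cache'])) {
-$poche->emptyCache();
-} elseif (isset($_GET['export'])) {
-$poche->export();
-} elseif (isset($_GET['updatetheme'])) {
-$poche->updateTheme();
-} elseif (isset($_GET['updatelanguage'])) {
-$poche->updateLanguage();
-} elseif (isset($_GET['uploadfile'])) {
-$poche->uploadFile();
-} elseif (isset($_GET['feed'])) {
-if (isset($_GET['action']) && $_GET['action'] == 'generate') {
-$poche->generateToken();
-}
-else {
-$tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
-$poche->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
-}
-}
-
-elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
-$plain_url = new Url(base64_encode($_GET['plainurl']));
-$poche->action('add', $plain_url);
-}
-
-if (Session::isLogged()) {
-$poche->action($action, $url, $id);
-$tpl_file = Tools::getTplFile($view);
-$tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
-} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
-if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
-$poche->login($referer);
-} else {
-$poche->messages->add('e', _('login failed: user doesn\'t exist'));
-Tools::logm('user doesn\'t exist');
-$tpl_file = Tools::getTplFile('login');
-$tpl_vars['http_auth'] = 1;
-}
-} elseif(isset($_SERVER['REMOTE_USER'])) {
-if($poche->store->userExists($_SERVER['REMOTE_USER'])) {
-$poche->login($referer);
-} else {
-$poche->messages->add('e', _('login failed: user doesn\'t exist'));
-Tools::logm('user doesn\'t exist');
-$tpl_file = Tools::getTplFile('login');
-$tpl_vars['http_auth'] = 1;
-}
-} else {
-$tpl_file = Tools::getTplFile('login');
-$tpl_vars['http_auth'] = 0;
-Session::logout();
-}
-
-# because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
-$messages = $poche->messages->display('all', FALSE);
-$tpl_vars = array_merge($tpl_vars, array('messages' => $messages));
-
-# display poche
-echo $poche->tpl->render($tpl_file, $tpl_vars);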
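Review bot: The `if (defined('ERROR_REPORTING')) { error_reporting(ERROR_REPORTING); }` guard at old lines 16-19 is dropped and nothing on the new side re-applies it, so unless that call moved into `check_setup.php`, `global.inc.php` or `Poche::run()` (not visible here), the `ERROR_REPORTING` value from the config file is now silently ignored and the server's `display_errors` default decides whether warnings, with their file paths, are echoed to visitors; keeping those lines right after the three `require`s would preserve the previous contract. Renaming the session from `'poche'` to `'wallabag'` at new line 17 invalidates every existing login cookie on upgrade, which is acceptable but deserves a changelog line. The new file also ends without a trailing newline after `$wallabag->run();`.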