8 files changed, 9 insertions, 553 deletions
diff --git a/inc/3rdparty/PicoFarad/Request.php b/inc/3rdparty/PicoFarad/Request.php
deleted file mode 100644
index 46c82bca..00000000
--- a/inc/3rdparty/PicoFarad/Request.php
+++ /dev/null
@@ -1,78 +0,0 @@
-<?php
-namespace PicoFarad\Request;
-function param($name, $default_value = null)
-{
-    return isset($_GET[$name]) ? $_GET[$name] : $default_value;
-}
-function int_param($name, $default_value = 0)
-{
-    return isset($_GET[$name]) && ctype_digit($_GET[$name]) ? (int) $_GET[$name] : $default_value;
-}
-function value($name)
-{
-    $values = values();
-    return isset($values[$name]) ? $values[$name] : null;
-}
-function values()
-{
-    if (! empty($_POST)) {
-        return $_POST;
-    }
-    $result = json_decode(body(), true);
-    if ($result) {
-        return $result;
-    }
-    return array();
-}
-function body()
-{
-    return file_get_contents('php://input');
-}
-function file_content($field)
-{
-    if (isset($_FILES[$field])) {
-        return file_get_contents($_FILES[$field]['tmp_name']);
-    }
-    return '';
-}
-function file_info($field)
-{
-    if (isset($_FILES[$field])) {
-        return array(
-            'name' => $_FILES[$field]['name'],
-            'mimetype' => $_FILES[$field]['type'],
-            'size' => $_FILES[$field]['size'],
-        );
-    }
-    return false;
-}
-function file_move($field, $destination)
-{
-    if (isset($_FILES[$field]) && ! file_exists($destination)) {
-        @mkdir(dirname($destination), 0777, true);
-        move_uploaded_file($_FILES[$field]['tmp_name'], $destination);
-    }
-}
-\ No newline at end of file
diff --git a/inc/3rdparty/PicoFarad/Response.php b/inc/3rdparty/PicoFarad/Response.php
deleted file mode 100644
index 9114fde0..00000000
--- a/inc/3rdparty/PicoFarad/Response.php
+++ /dev/null
@@ -1,156 +0,0 @@
-<?php
-namespace PicoFarad\Response;
-function force_download($filename)
-{
-    header('Content-Disposition: attachment; filename="'.$filename.'"');
-}
-function content_type($mimetype)
-{
-    header('Content-Type: '.$mimetype);
-}
-function status($status_code)
-{
-    $sapi_name = php_sapi_name();
-    if (strpos($sapi_name, 'apache') !== false || $sapi_name === 'cli-server') {
-        header('HTTP/1.0 '.$status_code);
-    }
-    else {
-        header('Status: '.$status_code);
-    }
-}
-function redirect($url)
-{
-    header('Location: '.$url);
-    exit;
-}
-function json(array $data, $status_code = 200)
-{
-    status($status_code);
-    header('Content-Type: application/json');
-    echo json_encode($data);
-    exit;
-}
-function text($data, $status_code = 200)
-{
-    status($status_code);
-    header('Content-Type: text/plain; charset=utf-8');
-    echo $data;
-    exit;
-}
-function html($data, $status_code = 200)
-{
-    status($status_code);
-    header('Content-Type: text/html; charset=utf-8');
-    echo $data;
-    exit;
-}
-function xml($data, $status_code = 200)
-{
-    status($status_code);
-    header('Content-Type: text/xml; charset=utf-8');
-    echo $data;
-    exit;
-}
-function js($data, $status_code = 200)
-{
-    status($status_code);
-    header('Content-Type: text/javascript; charset=utf-8');
-    echo $data;
-    exit;
-}
-function binary($data, $status_code = 200)
-{
-    status($status_code);
-    header('Content-Transfer-Encoding: binary');
-    header('Content-Type: application/octet-stream');
-    echo $data;
-    exit;
-}
-function csp(array $policies = array())
-{
-    $policies['default-src'] = "'self'";
-    $values = '';
-    foreach ($policies as $policy => $hosts) {
-        if (is_array($hosts)) {
-            $acl = '';
-            foreach ($hosts as &$host) {
-                if ($host === '*' || $host === 'self' || strpos($host, 'http') === 0) {
-                    $acl .= $host.' ';
-                }
-            }
-        }
-        else {
-            $acl = $hosts;
-        }
-        $values .= $policy.' '.trim($acl).'; ';
-    }
-    header('Content-Security-Policy: '.$values);
-}
-function nosniff()
-{
-    header('X-Content-Type-Options: nosniff');
-}
-function xss()
-{
-    header('X-XSS-Protection: 1; mode=block');
-}
-function hsts()
-{
-    header('Strict-Transport-Security: max-age=31536000');
-}
-function xframe($mode = 'DENY', array $urls = array())
-{
-    header('X-Frame-Options: '.$mode.' '.implode(' ', $urls));
-}
-\ No newline at end of file
diff --git a/inc/3rdparty/PicoFarad/Router.php b/inc/3rdparty/PicoFarad/Router.php
deleted file mode 100644
index b62b8e2d..00000000
--- a/inc/3rdparty/PicoFarad/Router.php
+++ /dev/null
@@ -1,157 +0,0 @@
-<?php
-namespace PicoFarad\Router;
-// Load controllers: bootstrap('controllers', 'controller1', 'controller2')
-function bootstrap()
-{
-    $files = \func_get_args();
-    $base_path = array_shift($files);
-    foreach ($files as $file) {
-        require $base_path.'/'.$file.'.php';
-    }
-}
-// Execute a callback before each action
-function before($value = null)
-{
-    static $before_callback = null;
-    if (is_callable($value)) {
-        $before_callback = $value;
-    }
-    else if (is_callable($before_callback)) {
-        $before_callback($value);
-    }
-}
-// Execute a callback before a specific action
-function before_action($name, $value = null)
-{
-    static $callbacks = array();
-    if (is_callable($value)) {
-        $callbacks[$name] = $value;
-    }
-    else if (isset($callbacks[$name]) && is_callable($callbacks[$name])) {
-        $callbacks[$name]($value);
-    }
-}
-// Execute an action
-function action($name, \Closure $callback)
-{
-    $handler = isset($_GET['action']) ? $_GET['action'] : 'default';
-    if ($handler === $name) {
-        before($name);
-        before_action($name);
-        $callback();
-    }
-}
-// Execute an action only for POST requests
-function post_action($name, \Closure $callback)
-{
-    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-        action($name, $callback);
-    }
-}
-// Execute an action only for GET requests
-function get_action($name, \Closure $callback)
-{
-    if ($_SERVER['REQUEST_METHOD'] === 'GET') {
-        action($name, $callback);
-    }
-}
-// Run when no action have been executed before
-function notfound(\Closure $callback)
-{
-    before('notfound');
-    before_action('notfound');
-    $callback();
-}
-// Match a request like this one: GET /myhandler
-function get($url, \Closure $callback)
-{
-    find_route('GET', $url, $callback);
-}
-// Match a request like this one: POST /myhandler
-function post($url, \Closure $callback)
-{
-    find_route('POST', $url, $callback);
-}
-// Match a request like this one: PUT /myhandler
-function put($url, \Closure $callback)
-{
-    find_route('PUT', $url, $callback);
-}
-// Match a request like this one: DELETE /myhandler
-function delete($url, \Closure $callback)
-{
-    find_route('DELETE', $url, $callback);
-}
-// Define which callback to execute according to the URL and the HTTP verb
-function find_route($method, $route, \Closure $callback)
-{
-    if ($_SERVER['REQUEST_METHOD'] === $method) {
-        if (! empty($_SERVER['QUERY_STRING'])) {
-            $url = substr($_SERVER['REQUEST_URI'], 0, -(strlen($_SERVER['QUERY_STRING']) + 1));
-        }
-        else {
-            $url = $_SERVER['REQUEST_URI'];
-        }
-        $params = array();
-        if (url_match($route, $url, $params)) {
-            before($route);
-            \call_user_func_array($callback, $params);
-            exit;
-        }
-    }
-}
-// Parse url and find matches
-function url_match($route_uri, $request_uri, array &$params)
-{
-    if ($request_uri === $route_uri) return true;
-    if ($route_uri === '/' || $request_uri === '/') return false;
-    $route_uri = trim($route_uri, '/');
-    $request_uri = trim($request_uri, '/');
-    $route_items = explode('/', $route_uri);
-    $request_items = explode('/', $request_uri);
-    $nb_route_items = count($route_items);
-    if ($nb_route_items === count($request_items)) {
-        for ($i = 0; $i < $nb_route_items; ++$i) {
-            if ($route_items[$i][0] === ':') {
-                $params[substr($route_items[$i], 1)] = $request_items[$i];
-            }
-            else if ($route_items[$i] !== $request_items[$i]) {
-                $params = array();
-                return false;
-            }
-        }
-        return true;
-    }
-    return false;
-}
diff --git a/inc/3rdparty/PicoFarad/Session.php b/inc/3rdparty/PicoFarad/Session.php
deleted file mode 100644
index ee7b415a..00000000
--- a/inc/3rdparty/PicoFarad/Session.php
+++ /dev/null
@@ -1,57 +0,0 @@
-<?php
-namespace PicoFarad\Session;
-const SESSION_LIFETIME = 2678400;
-function open($base_path = '/', $save_path = '')
-{
-    if ($save_path !== '') session_save_path($save_path);
-    // HttpOnly and secure flags for session cookie
-    session_set_cookie_params(
-        SESSION_LIFETIME,
-        $base_path ?: '/',
-        null,
-        isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
-        true
-    );
-    // Avoid session id in the URL
-    ini_set('session.use_only_cookies', true);
-    // Ensure session ID integrity
-    ini_set('session.entropy_file', '/dev/urandom');
-    ini_set('session.entropy_length', '32');
-    ini_set('session.hash_bits_per_character', 6);
-    // Custom session name
-    session_name('__$');
-    session_start();
-    // Regenerate the session id to avoid session fixation issue
-    if (empty($_SESSION['__validated'])) {
-        session_regenerate_id(true);
-        $_SESSION['__validated'] = 1;
-    }
-}
-function close()
-{
-    session_destroy();
-}
-function flash($message)
-{
-    $_SESSION['flash_message'] = $message;
-}
-function flash_error($message)
-{
-    $_SESSION['flash_error_message'] = $message;
-}
-\ No newline at end of file
diff --git a/inc/3rdparty/PicoFarad/Template.php b/inc/3rdparty/PicoFarad/Template.php
deleted file mode 100644
index c32be309..00000000
--- a/inc/3rdparty/PicoFarad/Template.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-namespace PicoFarad\Template;
-const PATH = 'templates/';
-// Template\load('template_name', ['bla' => 'value']);
-function load()
-{
-    if (func_num_args() < 1 || func_num_args() > 2) {
-        die('Invalid template arguments');
-    }
-    if (! file_exists(PATH.func_get_arg(0).'.php')) {
-        die('Unable to load the template: "'.func_get_arg(0).'"');
-    }
-    if (func_num_args() === 2) {
-        if (! is_array(func_get_arg(1))) {
-            die('Template variables must be an array');
-        }
-        extract(func_get_arg(1));
-    }
-    ob_start();
-    include PATH.func_get_arg(0).'.php';
-    return ob_get_clean();
-}
-function layout($template_name, array $template_args = array(), $layout_name = 'layout')
-{
-    return load($layout_name, $template_args + array('content_for_layout' => load($template_name, $template_args)));
-}
diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php
index 6e2c046b..8c2f38e3 100644
--- a/inc/poche/Routing.class.php
+++ b/inc/poche/Routing.class.php
@@ -11,8 +11,8 @@
 class Routing
 {
    protected $wallabag;
-    public $referer;
+    protected $referer;
-    public $view;
+    protected $view;
    protected $action;
    protected $id;
    protected $url;
@@ -55,7 +55,7 @@ class Routing
        # because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
        $this->vars = array_merge($this->vars, array('messages' => $this->wallabag->messages->display('all', FALSE)));
-        $this->render($this->file, $this->vars);
+        $this->_render($this->file, $this->vars);
    }
    private function _defineTplInformation()
@@ -142,7 +142,7 @@ class Routing
        }
    }
-    public function render($file, $vars)
+    public function _render($file, $vars)
    {
        echo $this->wallabag->tpl->render($file, $vars);
    }
diff --git a/inc/poche/global.inc.php b/inc/poche/global.inc.php
index 9d710b6c..3eb64df0 100755
--- a/inc/poche/global.inc.php
+++ b/inc/poche/global.inc.php
@@ -40,12 +40,6 @@ require_once INCLUDES . '/3rdparty/libraries/PHPePub/Logger.php';
 require_once INCLUDES . '/3rdparty/libraries/PHPePub/EPub.php';
 require_once INCLUDES . '/3rdparty/libraries/PHPePub/EPubChapterSplitter.php';
-require_once INCLUDES . '/3rdparty/PicoFarad/Request.php';
-require_once INCLUDES . '/3rdparty/PicoFarad/Response.php';
-require_once INCLUDES . '/3rdparty/PicoFarad/Router.php';
-require_once INCLUDES . '/3rdparty/PicoFarad/Session.php';
-require_once INCLUDES . '/3rdparty/PicoFarad/Template.php';
 # system configuration; database credentials et caetera
 require_once INCLUDES . '/poche/config.inc.php';
 require_once INCLUDES . '/poche/config.inc.default.php';
@@ -61,10 +55,3 @@ if (!ini_get('date.timezone') || !@date_default_timezone_set(ini_get('date.timez
 if (defined('ERROR_REPORTING')) {
    error_reporting(ERROR_REPORTING);
 }
-// Start session
-Session::$sessionName = 'wallabag';
-Session::init();
-// Let's rock !
-$wallabag = new Poche();
diff --git a/index.php b/index.php
index 6f190518..e199956c 100755
--- a/index.php
+++ b/index.php
@@ -12,56 +12,9 @@ define ('POCHE', '1.8.0');
 require 'check_setup.php';
 require_once 'inc/poche/global.inc.php';
+// Start session
+Session::$sessionName = 'wallabag';
+Session::init();
-use PicoFarad\Router;
+// Let's rock !
-use PicoFarad\Response;
+$wallabag = new Poche();
-use PicoFarad\Request;
-use PicoFarad\Session;
-// Called before each action
-Router\before(function($action) {
-    // Open a session only for the specified directory
-    Session\open(dirname($_SERVER['PHP_SELF']));
-    // HTTP secure headers
-    Response\csp();
-    Response\xframe();
-    Response\xss();
-    Response\nosniff();
-});
-// Show help
-Router\get_action('unread', function() use ($wallabag) {
-    $view = 'home';
-    $id = 0;
-    $tpl_vars = array(
-        'referer' => $wallabag->routing->referer,
-        'view' => $wallabag->routing->view,
-        'poche_url' => Tools::getPocheUrl(),
-        'title' => _('wallabag, a read it later open source system'),
-        'token' => \Session::getToken(),
-        'theme' => $wallabag->tpl->getTheme(),
-        'entries' => '',
-        'page_links' => '',
-        'nb_results' => '',
-        'listmode' => (isset($_COOKIE['listmode']) ? true : false),
-    );
-    $count = $wallabag->store->getEntriesByViewCount($view, $wallabag->user->getId(), $id);
-    if ($count > 0) {
-        $wallabag->pagination->set_total($count);
-        $page_links = str_replace(array('previous', 'next'), array(_('previous'), _('next')),
-            $wallabag->pagination->page_links('?view=' . $view . '&sort=' . $_SESSION['sort'] . (($id)?'&id='.$id:'') . '&' ));
-        $tpl_vars['entries'] = $wallabag->store->getEntriesByView($view, $wallabag->user->getId(), $wallabag->pagination->get_limit(), $id);
-        $tpl_vars['page_links'] = $page_links;
-        $tpl_vars['nb_results'] = $count;
-    }
-    $wallabag->routing->render('home.twig', $tpl_vars);
-    Tools::logm('display ' . $view . ' view');
-});

diff --git a/inc/3rdparty/PicoFarad/Request.php b/inc/3rdparty/PicoFarad/Request.php deleted file mode 100644 index 46c82bca..00000000 --- a/inc/3rdparty/PicoFarad/Request.php +++ /dev/null
@@ -1,78 +0,0 @@
1	<?php
2
3	namespace PicoFarad\Request;
4
5
6	function param($name, $default_value = null)
7	{
8	return isset($_GET[$name]) ? $_GET[$name] : $default_value;
9	}
10
11
12	function int_param($name, $default_value = 0)
13	{
14	return isset($_GET[$name]) && ctype_digit($_GET[$name]) ? (int) $_GET[$name] : $default_value;
15	}
16
17
18	function value($name)
19	{
20	$values = values();
21	return isset($values[$name]) ? $values[$name] : null;
22	}
23
24
25	function values()
26	{
27	if (! empty($_POST)) {
28
29	return $_POST;
30	}
31
32	$result = json_decode(body(), true);
33
34	if ($result) {
35	return $result;
36	}
37
38	return array();
39	}
40
41
42	function body()
43	{
44	return file_get_contents('php://input');
45	}
46
47
48	function file_content($field)
49	{
50	if (isset($_FILES[$field])) {
51	return file_get_contents($_FILES[$field]['tmp_name']);
52	}
53
54	return '';
55	}
56
57
58	function file_info($field)
59	{
60	if (isset($_FILES[$field])) {
61	return array(
62	'name' => $_FILES[$field]['name'],
63	'mimetype' => $_FILES[$field]['type'],
64	'size' => $_FILES[$field]['size'],
65	);
66	}
67
68	return false;
69	}
70
71
72	function file_move($field, $destination)
73	{
74	if (isset($_FILES[$field]) && ! file_exists($destination)) {
75	@mkdir(dirname($destination), 0777, true);
76	move_uploaded_file($_FILES[$field]['tmp_name'], $destination);
77	}
78	} \ No newline at end of file


diff --git a/inc/3rdparty/PicoFarad/Response.php b/inc/3rdparty/PicoFarad/Response.php deleted file mode 100644 index 9114fde0..00000000 --- a/inc/3rdparty/PicoFarad/Response.php +++ /dev/null
@@ -1,156 +0,0 @@
1	<?php
2
3	namespace PicoFarad\Response;
4
5
6	function force_download($filename)
7	{
8	header('Content-Disposition: attachment; filename="'.$filename.'"');
9	}
10
11
12	function content_type($mimetype)
13	{
14	header('Content-Type: '.$mimetype);
15	}
16
17
18	function status($status_code)
19	{
20	$sapi_name = php_sapi_name();
21
22	if (strpos($sapi_name, 'apache') !== false \|\| $sapi_name === 'cli-server') {
23	header('HTTP/1.0 '.$status_code);
24	}
25	else {
26	header('Status: '.$status_code);
27	}
28	}
29
30
31	function redirect($url)
32	{
33	header('Location: '.$url);
34	exit;
35	}
36
37
38	function json(array $data, $status_code = 200)
39	{
40	status($status_code);
41
42	header('Content-Type: application/json');
43	echo json_encode($data);
44
45	exit;
46	}
47
48
49	function text($data, $status_code = 200)
50	{
51	status($status_code);
52
53	header('Content-Type: text/plain; charset=utf-8');
54	echo $data;
55
56	exit;
57	}
58
59
60	function html($data, $status_code = 200)
61	{
62	status($status_code);
63
64	header('Content-Type: text/html; charset=utf-8');
65	echo $data;
66
67	exit;
68	}
69
70
71	function xml($data, $status_code = 200)
72	{
73	status($status_code);
74
75	header('Content-Type: text/xml; charset=utf-8');
76	echo $data;
77
78	exit;
79	}
80
81
82	function js($data, $status_code = 200)
83	{
84	status($status_code);
85
86	header('Content-Type: text/javascript; charset=utf-8');
87	echo $data;
88
89	exit;
90	}
91
92
93	function binary($data, $status_code = 200)
94	{
95	status($status_code);
96
97	header('Content-Transfer-Encoding: binary');
98	header('Content-Type: application/octet-stream');
99	echo $data;
100
101	exit;
102	}
103
104
105	function csp(array $policies = array())
106	{
107	$policies['default-src'] = "'self'";
108	$values = '';
109
110	foreach ($policies as $policy => $hosts) {
111
112	if (is_array($hosts)) {
113
114	$acl = '';
115
116	foreach ($hosts as &$host) {
117
118	if ($host === '*' \|\| $host === 'self' \|\| strpos($host, 'http') === 0) {
119	$acl .= $host.' ';
120	}
121	}
122	}
123	else {
124
125	$acl = $hosts;
126	}
127
128	$values .= $policy.' '.trim($acl).'; ';
129	}
130
131	header('Content-Security-Policy: '.$values);
132	}
133
134
135	function nosniff()
136	{
137	header('X-Content-Type-Options: nosniff');
138	}
139
140
141	function xss()
142	{
143	header('X-XSS-Protection: 1; mode=block');
144	}
145
146
147	function hsts()
148	{
149	header('Strict-Transport-Security: max-age=31536000');
150	}
151
152
153	function xframe($mode = 'DENY', array $urls = array())
154	{
155	header('X-Frame-Options: '.$mode.' '.implode(' ', $urls));
156	} \ No newline at end of file


diff --git a/inc/3rdparty/PicoFarad/Router.php b/inc/3rdparty/PicoFarad/Router.php deleted file mode 100644 index b62b8e2d..00000000 --- a/inc/3rdparty/PicoFarad/Router.php +++ /dev/null
@@ -1,157 +0,0 @@
1	<?php
2
3	namespace PicoFarad\Router;
4
5	// Load controllers: bootstrap('controllers', 'controller1', 'controller2')
6	function bootstrap()
7	{
8	$files = \func_get_args();
9	$base_path = array_shift($files);
10
11	foreach ($files as $file) {
12	require $base_path.'/'.$file.'.php';
13	}
14	}
15
16	// Execute a callback before each action
17	function before($value = null)
18	{
19	static $before_callback = null;
20
21	if (is_callable($value)) {
22	$before_callback = $value;
23	}
24	else if (is_callable($before_callback)) {
25	$before_callback($value);
26	}
27	}
28
29	// Execute a callback before a specific action
30	function before_action($name, $value = null)
31	{
32	static $callbacks = array();
33
34	if (is_callable($value)) {
35	$callbacks[$name] = $value;
36	}
37	else if (isset($callbacks[$name]) && is_callable($callbacks[$name])) {
38	$callbacks[$name]($value);
39	}
40	}
41
42	// Execute an action
43	function action($name, \Closure $callback)
44	{
45	$handler = isset($_GET['action']) ? $_GET['action'] : 'default';
46
47	if ($handler === $name) {
48	before($name);
49	before_action($name);
50	$callback();
51	}
52	}
53
54	// Execute an action only for POST requests
55	function post_action($name, \Closure $callback)
56	{
57	if ($_SERVER['REQUEST_METHOD'] === 'POST') {
58	action($name, $callback);
59	}
60	}
61
62	// Execute an action only for GET requests
63	function get_action($name, \Closure $callback)
64	{
65	if ($_SERVER['REQUEST_METHOD'] === 'GET') {
66	action($name, $callback);
67	}
68	}
69
70	// Run when no action have been executed before
71	function notfound(\Closure $callback)
72	{
73	before('notfound');
74	before_action('notfound');
75	$callback();
76	}
77
78	// Match a request like this one: GET /myhandler
79	function get($url, \Closure $callback)
80	{
81	find_route('GET', $url, $callback);
82	}
83
84	// Match a request like this one: POST /myhandler
85	function post($url, \Closure $callback)
86	{
87	find_route('POST', $url, $callback);
88	}
89
90	// Match a request like this one: PUT /myhandler
91	function put($url, \Closure $callback)
92	{
93	find_route('PUT', $url, $callback);
94	}
95
96	// Match a request like this one: DELETE /myhandler
97	function delete($url, \Closure $callback)
98	{
99	find_route('DELETE', $url, $callback);
100	}
101
102	// Define which callback to execute according to the URL and the HTTP verb
103	function find_route($method, $route, \Closure $callback)
104	{
105	if ($_SERVER['REQUEST_METHOD'] === $method) {
106
107	if (! empty($_SERVER['QUERY_STRING'])) {
108	$url = substr($_SERVER['REQUEST_URI'], 0, -(strlen($_SERVER['QUERY_STRING']) + 1));
109	}
110	else {
111	$url = $_SERVER['REQUEST_URI'];
112	}
113
114	$params = array();
115
116	if (url_match($route, $url, $params)) {
117
118	before($route);
119	\call_user_func_array($callback, $params);
120	exit;
121	}
122	}
123	}
124
125	// Parse url and find matches
126	function url_match($route_uri, $request_uri, array &$params)
127	{
128	if ($request_uri === $route_uri) return true;
129	if ($route_uri === '/' \|\| $request_uri === '/') return false;
130
131	$route_uri = trim($route_uri, '/');
132	$request_uri = trim($request_uri, '/');
133
134	$route_items = explode('/', $route_uri);
135	$request_items = explode('/', $request_uri);
136	$nb_route_items = count($route_items);
137
138	if ($nb_route_items === count($request_items)) {
139
140	for ($i = 0; $i < $nb_route_items; ++$i) {
141
142	if ($route_items[$i][0] === ':') {
143
144	$params[substr($route_items[$i], 1)] = $request_items[$i];
145	}
146	else if ($route_items[$i] !== $request_items[$i]) {
147
148	$params = array();
149	return false;
150	}
151	}
152
153	return true;
154	}
155
156	return false;
157	}


diff --git a/inc/3rdparty/PicoFarad/Session.php b/inc/3rdparty/PicoFarad/Session.php deleted file mode 100644 index ee7b415a..00000000 --- a/inc/3rdparty/PicoFarad/Session.php +++ /dev/null
@@ -1,57 +0,0 @@
1	<?php
2
3	namespace PicoFarad\Session;
4
5	const SESSION_LIFETIME = 2678400;
6
7
8	function open($base_path = '/', $save_path = '')
9	{
10	if ($save_path !== '') session_save_path($save_path);
11
12	// HttpOnly and secure flags for session cookie
13	session_set_cookie_params(
14	SESSION_LIFETIME,
15	$base_path ?: '/',
16	null,
17	isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
18	true
19	);
20
21	// Avoid session id in the URL
22	ini_set('session.use_only_cookies', true);
23
24	// Ensure session ID integrity
25	ini_set('session.entropy_file', '/dev/urandom');
26	ini_set('session.entropy_length', '32');
27	ini_set('session.hash_bits_per_character', 6);
28
29	// Custom session name
30	session_name('__$');
31
32	session_start();
33
34	// Regenerate the session id to avoid session fixation issue
35	if (empty($_SESSION['__validated'])) {
36	session_regenerate_id(true);
37	$_SESSION['__validated'] = 1;
38	}
39	}
40
41
42	function close()
43	{
44	session_destroy();
45	}
46
47
48	function flash($message)
49	{
50	$_SESSION['flash_message'] = $message;
51	}
52
53
54	function flash_error($message)
55	{
56	$_SESSION['flash_error_message'] = $message;
57	} \ No newline at end of file


diff --git a/inc/3rdparty/PicoFarad/Template.php b/inc/3rdparty/PicoFarad/Template.php deleted file mode 100644 index c32be309..00000000 --- a/inc/3rdparty/PicoFarad/Template.php +++ /dev/null
@@ -1,36 +0,0 @@
1	<?php
2
3	namespace PicoFarad\Template;
4
5	const PATH = 'templates/';
6
7	// Template\load('template_name', ['bla' => 'value']);
8	function load()
9	{
10	if (func_num_args() < 1 \|\| func_num_args() > 2) {
11	die('Invalid template arguments');
12	}
13
14	if (! file_exists(PATH.func_get_arg(0).'.php')) {
15	die('Unable to load the template: "'.func_get_arg(0).'"');
16	}
17
18	if (func_num_args() === 2) {
19
20	if (! is_array(func_get_arg(1))) {
21	die('Template variables must be an array');
22	}
23
24	extract(func_get_arg(1));
25	}
26
27	ob_start();
28	include PATH.func_get_arg(0).'.php';
29	return ob_get_clean();
30	}
31
32
33	function layout($template_name, array $template_args = array(), $layout_name = 'layout')
34	{
35	return load($layout_name, $template_args + array('content_for_layout' => load($template_name, $template_args)));
36	}


diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php index 6e2c046b..8c2f38e3 100644 --- a/inc/poche/Routing.class.php +++ b/inc/poche/Routing.class.php
@@ -11,8 +11,8 @@
11	class Routing	11	class Routing
12	{	12	{
13	protected $wallabag;	13	protected $wallabag;
14	public $referer;	14	protected $referer;
15	public $view;	15	protected $view;
16	protected $action;	16	protected $action;
17	protected $id;	17	protected $id;
18	protected $url;	18	protected $url;
@@ -55,7 +55,7 @@ class Routing
55	# because messages can be added in $poche->action(), we have to add this entry now (we can add it before)	55	# because messages can be added in $poche->action(), we have to add this entry now (we can add it before)
56	$this->vars = array_merge($this->vars, array('messages' => $this->wallabag->messages->display('all', FALSE)));	56	$this->vars = array_merge($this->vars, array('messages' => $this->wallabag->messages->display('all', FALSE)));
57		57
58	$this->render($this->file, $this->vars);	58	$this->_render($this->file, $this->vars);
59	}	59	}
60		60
61	private function _defineTplInformation()	61	private function _defineTplInformation()
@@ -142,7 +142,7 @@ class Routing
142	}	142	}
143	}	143	}
144		144
145	public function render($file, $vars)	145	public function _render($file, $vars)
146	{	146	{
147	echo $this->wallabag->tpl->render($file, $vars);	147	echo $this->wallabag->tpl->render($file, $vars);
148	}	148	}


diff --git a/inc/poche/global.inc.php b/inc/poche/global.inc.php index 9d710b6c..3eb64df0 100755 --- a/inc/poche/global.inc.php +++ b/inc/poche/global.inc.php
@@ -40,12 +40,6 @@ require_once INCLUDES . '/3rdparty/libraries/PHPePub/Logger.php';
40	require_once INCLUDES . '/3rdparty/libraries/PHPePub/EPub.php';	40	require_once INCLUDES . '/3rdparty/libraries/PHPePub/EPub.php';
41	require_once INCLUDES . '/3rdparty/libraries/PHPePub/EPubChapterSplitter.php';	41	require_once INCLUDES . '/3rdparty/libraries/PHPePub/EPubChapterSplitter.php';
42		42
43	require_once INCLUDES . '/3rdparty/PicoFarad/Request.php';
44	require_once INCLUDES . '/3rdparty/PicoFarad/Response.php';
45	require_once INCLUDES . '/3rdparty/PicoFarad/Router.php';
46	require_once INCLUDES . '/3rdparty/PicoFarad/Session.php';
47	require_once INCLUDES . '/3rdparty/PicoFarad/Template.php';
48
49	# system configuration; database credentials et caetera	43	# system configuration; database credentials et caetera
50	require_once INCLUDES . '/poche/config.inc.php';	44	require_once INCLUDES . '/poche/config.inc.php';
51	require_once INCLUDES . '/poche/config.inc.default.php';	45	require_once INCLUDES . '/poche/config.inc.default.php';
@@ -61,10 +55,3 @@ if (!ini_get('date.timezone') \|\| !@date_default_timezone_set(ini_get('date.timez
61	if (defined('ERROR_REPORTING')) {	55	if (defined('ERROR_REPORTING')) {
62	error_reporting(ERROR_REPORTING);	56	error_reporting(ERROR_REPORTING);
63	}	57	}
64
65	// Start session
66	Session::$sessionName = 'wallabag';
67	Session::init();
68
69	// Let's rock !
70	$wallabag = new Poche();


diff --git a/index.php b/index.php index 6f190518..e199956c 100755 --- a/index.php +++ b/index.php
@@ -12,56 +12,9 @@ define ('POCHE', '1.8.0');
12	require 'check_setup.php';	12	require 'check_setup.php';
13	require_once 'inc/poche/global.inc.php';	13	require_once 'inc/poche/global.inc.php';
14		14
		15	// Start session
		16	Session::$sessionName = 'wallabag';
		17	Session::init();
15		18
16	use PicoFarad\Router;	19	// Let's rock !
17	use PicoFarad\Response;	20	$wallabag = new Poche();
18	use PicoFarad\Request;
19	use PicoFarad\Session;
20
21	// Called before each action
22	Router\before(function($action) {
23
24	// Open a session only for the specified directory
25	Session\open(dirname($_SERVER['PHP_SELF']));
26
27	// HTTP secure headers
28	Response\csp();
29	Response\xframe();
30	Response\xss();
31	Response\nosniff();
32	});
33
34	// Show help
35	Router\get_action('unread', function() use ($wallabag) {
36	$view = 'home';
37	$id = 0;
38
39	$tpl_vars = array(
40	'referer' => $wallabag->routing->referer,
41	'view' => $wallabag->routing->view,
42	'poche_url' => Tools::getPocheUrl(),
43	'title' => _('wallabag, a read it later open source system'),
44	'token' => \Session::getToken(),
45	'theme' => $wallabag->tpl->getTheme(),
46	'entries' => '',
47	'page_links' => '',
48	'nb_results' => '',
49	'listmode' => (isset($_COOKIE['listmode']) ? true : false),
50	);
51
52	$count = $wallabag->store->getEntriesByViewCount($view, $wallabag->user->getId(), $id);
53
54	if ($count > 0) {
55	$wallabag->pagination->set_total($count);
56	$page_links = str_replace(array('previous', 'next'), array(_('previous'), _('next')),
57	$wallabag->pagination->page_links('?view=' . $view . '&sort=' . $_SESSION['sort'] . (($id)?'&id='.$id:'') . '&' ));
58	$tpl_vars['entries'] = $wallabag->store->getEntriesByView($view, $wallabag->user->getId(), $wallabag->pagination->get_limit(), $id);
59	$tpl_vars['page_links'] = $page_links;
60	$tpl_vars['nb_results'] = $count;
61	}
62
63	$wallabag->routing->render('home.twig', $tpl_vars);
64
65	Tools::logm('display ' . $view . ' view');
66
67	});