From 3602405ec0dbc576fce09ff9e865ba2404622080 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= Date: Fri, 11 Jul 2014 16:03:59 +0200 Subject: WHAT. A. BIG. REFACTOR. + new license (we moved to MIT one) --- inc/poche/Routing.class.php | 149 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 inc/poche/Routing.class.php (limited to 'inc/poche/Routing.class.php') diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php new file mode 100644 index 00000000..7e259c24 --- /dev/null +++ b/inc/poche/Routing.class.php @@ -0,0 +1,149 @@ + + * @copyright 2013 + * @license http://opensource.org/licenses/MIT see COPYING file + */ + +class Routing +{ + protected $wallabag; + protected $referer; + protected $view; + protected $action; + protected $id; + protected $url; + protected $file; + protected $defaultVars = array(); + protected $vars = array(); + + public function __construct(Poche $wallabag) + { + $this->wallabag = $wallabag; + $this->_init(); + } + + private function _init() + { + # Parse GET & REFERER vars + $this->referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; + $this->view = Tools::checkVar('view', 'home'); + $this->action = Tools::checkVar('action'); + $this->id = Tools::checkVar('id'); + $_SESSION['sort'] = Tools::checkVar('sort', 'id'); + $this->url = new Url((isset ($_GET['url'])) ? $_GET['url'] : ''); + } + + public function run() + { + # vars to _always_ send to templates + $this->defaultVars = array( + 'referer' => $this->referer, + 'view' => $this->view, + 'poche_url' => Tools::getPocheUrl(), + 'title' => _('wallabag, a read it later open source system'), + 'token' => \Session::getToken(), + 'theme' => $this->wallabag->tpl->getTheme() + ); + + $this->_launchAction(); + $this->_defineTplInformation(); + + # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) + $this->vars = array_merge($this->vars, array('messages' => $this->wallabag->messages->display('all', FALSE))); + + $this->_render($this->file, $this->vars); + } + + private function _defineTplInformation() + { + $tplFile = array(); + $tplVars = array(); + + if (\Session::isLogged()) { + $this->wallabag->action($this->action, $this->url, $this->id); + $tplFile = Tools::getTplFile($this->view); + $tplVars = array_merge($this->vars, $this->wallabag->displayView($this->view, $this->id)); + } elseif(isset($_SERVER['PHP_AUTH_USER'])) { + if($this->wallabag->store->userExists($_SERVER['PHP_AUTH_USER'])) { + $this->wallabag->login($this->referer); + } else { + $this->wallabag->messages->add('e', _('login failed: user doesn\'t exist')); + Tools::logm('user doesn\'t exist'); + $tplFile = Tools::getTplFile('login'); + $tplVars['http_auth'] = 1; + } + } elseif(isset($_SERVER['REMOTE_USER'])) { + if($this->wallabag->store->userExists($_SERVER['REMOTE_USER'])) { + $this->wallabag->login($this->referer); + } else { + $this->wallabag->messages->add('e', _('login failed: user doesn\'t exist')); + Tools::logm('user doesn\'t exist'); + $tplFile = Tools::getTplFile('login'); + $tplVars['http_auth'] = 1; + } + } else { + $tplFile = Tools::getTplFile('login'); + $tplVars['http_auth'] = 0; + \Session::logout(); + } + + $this->file = $tplFile; + $this->vars = array_merge($this->defaultVars, $tplVars); + } + + private function _launchAction() + { + if (isset($_GET['login'])) { + // hello you + $this->wallabag->login($this->referer); + } elseif (isset($_GET['logout'])) { + // see you soon ! + $this->wallabag->logout(); + } elseif (isset($_GET['config'])) { + // update password + $this->wallabag->updatePassword(); + } elseif (isset($_GET['newuser'])) { + $this->wallabag->createNewUser(); + } elseif (isset($_GET['deluser'])) { + $this->wallabag->deleteUser(); + } elseif (isset($_GET['epub'])) { + $this->wallabag->createEpub(); + } elseif (isset($_GET['import'])) { + $import = $this->wallabag->import(); + $tplVars = array_merge($this->vars, $import); + } elseif (isset($_GET['download'])) { + Tools::downloadDb(); + } elseif (isset($_GET['empty-cache'])) { + $this->wallabag->emptyCache(); + } elseif (isset($_GET['export'])) { + $this->wallabag->export(); + } elseif (isset($_GET['updatetheme'])) { + $this->wallabag->tpl->updateTheme($_POST['theme']); + } elseif (isset($_GET['updatelanguage'])) { + $this->wallabag->language->updateLanguage($_POST['language']); + } elseif (isset($_GET['uploadfile'])) { + $this->wallabag->uploadFile(); + } elseif (isset($_GET['feed'])) { + if (isset($_GET['action']) && $_GET['action'] == 'generate') { + $this->wallabag->generateToken(); + } + else { + $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0); + $this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']); + } + } + elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) { + $plainUrl = new Url(base64_encode($_GET['plainurl'])); + $this->wallabag->action('add', $plainUrl); + } + } + + private function _render($file, $vars) + { + echo $this->wallabag->tpl->render($file, $vars); + } +} \ No newline at end of file -- cgit v1.2.3 From b3cda72e93fff3a4c3476e9e7e78ef2b2a3f02b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= Date: Fri, 11 Jul 2014 17:06:51 +0200 Subject: PicoFarad framework for routing --- inc/poche/Routing.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'inc/poche/Routing.class.php') diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php index 7e259c24..6e2c046b 100644 --- a/inc/poche/Routing.class.php +++ b/inc/poche/Routing.class.php @@ -11,8 +11,8 @@ class Routing { protected $wallabag; - protected $referer; - protected $view; + public $referer; + public $view; protected $action; protected $id; protected $url; @@ -55,7 +55,7 @@ class Routing # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) $this->vars = array_merge($this->vars, array('messages' => $this->wallabag->messages->display('all', FALSE))); - $this->_render($this->file, $this->vars); + $this->render($this->file, $this->vars); } private function _defineTplInformation() @@ -142,7 +142,7 @@ class Routing } } - private function _render($file, $vars) + public function render($file, $vars) { echo $this->wallabag->tpl->render($file, $vars); } -- cgit v1.2.3 From 26b77483ee7545c0e4f8eeb205a5743bf3589adb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= Date: Sat, 12 Jul 2014 16:39:31 +0200 Subject: remove PicoFarad MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I’ll implement it an other day. --- inc/poche/Routing.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'inc/poche/Routing.class.php') diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php index 6e2c046b..8c2f38e3 100644 --- a/inc/poche/Routing.class.php +++ b/inc/poche/Routing.class.php @@ -11,8 +11,8 @@ class Routing { protected $wallabag; - public $referer; - public $view; + protected $referer; + protected $view; protected $action; protected $id; protected $url; @@ -55,7 +55,7 @@ class Routing # because messages can be added in $poche->action(), we have to add this entry now (we can add it before) $this->vars = array_merge($this->vars, array('messages' => $this->wallabag->messages->display('all', FALSE))); - $this->render($this->file, $this->vars); + $this->_render($this->file, $this->vars); } private function _defineTplInformation() @@ -142,7 +142,7 @@ class Routing } } - public function render($file, $vars) + public function _render($file, $vars) { echo $this->wallabag->tpl->render($file, $vars); } -- cgit v1.2.3 From 2f26729c841a68669a1baf799091cb2c6c9f585a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= Date: Sat, 12 Jul 2014 19:01:11 +0200 Subject: Refactor --- inc/poche/Routing.class.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'inc/poche/Routing.class.php') diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php index 8c2f38e3..eb4c4d90 100644 --- a/inc/poche/Routing.class.php +++ b/inc/poche/Routing.class.php @@ -105,20 +105,21 @@ class Routing $this->wallabag->logout(); } elseif (isset($_GET['config'])) { // update password - $this->wallabag->updatePassword(); + $this->wallabag->updatePassword($_POST['password'], $_POST['password_repeat']); } elseif (isset($_GET['newuser'])) { - $this->wallabag->createNewUser(); + $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser']); } elseif (isset($_GET['deluser'])) { - $this->wallabag->deleteUser(); + $this->wallabag->deleteUser($_POST['password4deletinguser']); } elseif (isset($_GET['epub'])) { - $this->wallabag->createEpub(); + $epub = new WallabagEpub($this->wallabag, $_GET['method'], $_GET['id'], $_GET['value']); + $epub->run(); } elseif (isset($_GET['import'])) { $import = $this->wallabag->import(); $tplVars = array_merge($this->vars, $import); } elseif (isset($_GET['download'])) { Tools::downloadDb(); } elseif (isset($_GET['empty-cache'])) { - $this->wallabag->emptyCache(); + Tools::emptyCache(); } elseif (isset($_GET['export'])) { $this->wallabag->export(); } elseif (isset($_GET['updatetheme'])) { @@ -129,7 +130,7 @@ class Routing $this->wallabag->uploadFile(); } elseif (isset($_GET['feed'])) { if (isset($_GET['action']) && $_GET['action'] == 'generate') { - $this->wallabag->generateToken(); + $this->wallabag->updateToken(); } else { $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0); -- cgit v1.2.3 From 7dd8b5026d0ae52fc5be001ee224aac72f3e7b25 Mon Sep 17 00:00:00 2001 From: Maryana Rozhankivska Date: Thu, 24 Jul 2014 16:48:41 +0300 Subject: security issue --- inc/poche/Routing.class.php | 83 +++++++++++++++++++++++---------------------- 1 file changed, 43 insertions(+), 40 deletions(-) mode change 100644 => 100755 inc/poche/Routing.class.php (limited to 'inc/poche/Routing.class.php') diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php old mode 100644 new mode 100755 index eb4c4d90..653fa900 --- a/inc/poche/Routing.class.php +++ b/inc/poche/Routing.class.php @@ -97,50 +97,53 @@ class Routing private function _launchAction() { - if (isset($_GET['login'])) { - // hello you - $this->wallabag->login($this->referer); - } elseif (isset($_GET['logout'])) { - // see you soon ! - $this->wallabag->logout(); - } elseif (isset($_GET['config'])) { - // update password - $this->wallabag->updatePassword($_POST['password'], $_POST['password_repeat']); - } elseif (isset($_GET['newuser'])) { - $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser']); - } elseif (isset($_GET['deluser'])) { - $this->wallabag->deleteUser($_POST['password4deletinguser']); - } elseif (isset($_GET['epub'])) { - $epub = new WallabagEpub($this->wallabag, $_GET['method'], $_GET['id'], $_GET['value']); - $epub->run(); - } elseif (isset($_GET['import'])) { - $import = $this->wallabag->import(); - $tplVars = array_merge($this->vars, $import); - } elseif (isset($_GET['download'])) { - Tools::downloadDb(); - } elseif (isset($_GET['empty-cache'])) { - Tools::emptyCache(); - } elseif (isset($_GET['export'])) { - $this->wallabag->export(); - } elseif (isset($_GET['updatetheme'])) { - $this->wallabag->tpl->updateTheme($_POST['theme']); - } elseif (isset($_GET['updatelanguage'])) { - $this->wallabag->language->updateLanguage($_POST['language']); - } elseif (isset($_GET['uploadfile'])) { - $this->wallabag->uploadFile(); - } elseif (isset($_GET['feed'])) { - if (isset($_GET['action']) && $_GET['action'] == 'generate') { + if (isset($_GET['login'])) { + // hello to you + $this->wallabag->login($this->referer); + } elseif (isset($_GET['feed']) && isset($_GET['user_id'])) { + $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0); + $this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']); + } + + //allowed ONLY to logged in user + if ( \Session::isLogged() === true ) + { + if (isset($_GET['logout'])) { + // see you soon ! + $this->wallabag->logout(); + } elseif (isset($_GET['config'])) { + // update password + $this->wallabag->updatePassword($_POST['password'], $_POST['password_repeat']); + } elseif (isset($_GET['newuser'])) { + $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser']); + } elseif (isset($_GET['deluser'])) { + $this->wallabag->deleteUser($_POST['password4deletinguser']); + } elseif (isset($_GET['epub'])) { + $epub = new WallabagEpub($this->wallabag, $_GET['method'], $_GET['id'], $_GET['value']); + $epub->run(); + } elseif (isset($_GET['import'])) { + $import = $this->wallabag->import(); + $tplVars = array_merge($this->vars, $import); + } elseif (isset($_GET['download'])) { + Tools::downloadDb(); + } elseif (isset($_GET['empty-cache'])) { + Tools::emptyCache(); + } elseif (isset($_GET['export'])) { + $this->wallabag->export(); + } elseif (isset($_GET['updatetheme'])) { + $this->wallabag->tpl->updateTheme($_POST['theme']); + } elseif (isset($_GET['updatelanguage'])) { + $this->wallabag->language->updateLanguage($_POST['language']); + } elseif (isset($_GET['uploadfile'])) { + $this->wallabag->uploadFile(); + } elseif (isset($_GET['feed']) && isset($_GET['action']) && $_GET['action'] == 'generate') { $this->wallabag->updateToken(); } - else { - $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0); - $this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']); + elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) { + $plainUrl = new Url(base64_encode($_GET['plainurl'])); + $this->wallabag->action('add', $plainUrl); } } - elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) { - $plainUrl = new Url(base64_encode($_GET['plainurl'])); - $this->wallabag->action('add', $plainUrl); - } } public function _render($file, $vars) -- cgit v1.2.3 From 830612f555d8bc72669fe9bc0686680001af0e52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= Date: Fri, 25 Jul 2014 07:26:56 +0200 Subject: typo --- inc/poche/Routing.class.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'inc/poche/Routing.class.php') diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php index 653fa900..004bd45a 100755 --- a/inc/poche/Routing.class.php +++ b/inc/poche/Routing.class.php @@ -97,16 +97,16 @@ class Routing private function _launchAction() { - if (isset($_GET['login'])) { - // hello to you - $this->wallabag->login($this->referer); + if (isset($_GET['login'])) { + // hello to you + $this->wallabag->login($this->referer); } elseif (isset($_GET['feed']) && isset($_GET['user_id'])) { $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0); $this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']); } //allowed ONLY to logged in user - if ( \Session::isLogged() === true ) + if (\Session::isLogged() === true) { if (isset($_GET['logout'])) { // see you soon ! -- cgit v1.2.3 From 8763e4efde17f133d0bda504640acada108e7870 Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Tue, 26 Aug 2014 12:43:56 +0200 Subject: Fix downloading SQLite database from all users --- inc/poche/Routing.class.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'inc/poche/Routing.class.php') diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php index 004bd45a..0b373058 100755 --- a/inc/poche/Routing.class.php +++ b/inc/poche/Routing.class.php @@ -124,8 +124,6 @@ class Routing } elseif (isset($_GET['import'])) { $import = $this->wallabag->import(); $tplVars = array_merge($this->vars, $import); - } elseif (isset($_GET['download'])) { - Tools::downloadDb(); } elseif (isset($_GET['empty-cache'])) { Tools::emptyCache(); } elseif (isset($_GET['export'])) { -- cgit v1.2.3