Example #1
0
function renderPage()
{
    $LINKSDB = new LinkDB($GLOBALS['config']['DATASTORE'], isLoggedIn(), $GLOBALS['config']['HIDE_PUBLIC_LINKS'], $GLOBALS['redirector']);
    $PAGE = new pageBuilder();
    // Determine which page will be rendered.
    $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    $targetPage = Router::findPage($query, $_GET, isLoggedIn());
    // Call plugin hooks for header, footer and includes, specifying which page will be rendered.
    // Then assign generated data to RainTPL.
    $common_hooks = array('header', 'footer', 'includes');
    $pluginManager = PluginManager::getInstance();
    foreach ($common_hooks as $name) {
        $plugin_data = array();
        $pluginManager->executeHooks('render_' . $name, $plugin_data, array('target' => $targetPage, 'loggedin' => isLoggedIn()));
        $PAGE->assign('plugins_' . $name, $plugin_data);
    }
    // -------- Display login form.
    if ($targetPage == Router::$PAGE_LOGIN) {
        if ($GLOBALS['config']['OPEN_SHAARLI']) {
            header('Location: ?');
            exit;
        }
        // No need to login for open Shaarli
        $token = '';
        if (ban_canLogin()) {
            $token = getToken();
        }
        // Do not waste token generation if not useful.
        $PAGE->assign('token', $token);
        $PAGE->assign('returnurl', isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : '');
        $PAGE->renderPage('loginform');
        exit;
    }
    // -------- User wants to logout.
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=logout')) {
        invalidateCaches($GLOBALS['config']['PAGECACHE']);
        logout();
        header('Location: ?');
        exit;
    }
    // -------- Picture wall
    if ($targetPage == Router::$PAGE_PICWALL) {
        // Optionally filter the results:
        if (!empty($_GET['searchterm'])) {
            $links = $LINKSDB->filter(LinkFilter::$FILTER_TEXT, $_GET['searchterm']);
        } elseif (!empty($_GET['searchtags'])) {
            $links = $LINKSDB->filter(LinkFilter::$FILTER_TAG, trim($_GET['searchtags']));
        } else {
            $links = $LINKSDB;
        }
        $linksToDisplay = array();
        // Get only links which have a thumbnail.
        foreach ($links as $link) {
            $permalink = '?' . escape(smallhash($link['linkdate']));
            $thumb = lazyThumbnail($link['url'], $permalink);
            if ($thumb != '') {
                $link['thumbnail'] = $thumb;
                // Thumbnail HTML code.
                $linksToDisplay[] = $link;
                // Add to array.
            }
        }
        $data = array('linkcount' => count($LINKSDB), 'linksToDisplay' => $linksToDisplay);
        $pluginManager->executeHooks('render_picwall', $data, array('loggedin' => isLoggedIn()));
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
        }
        $PAGE->renderPage('picwall');
        exit;
    }
    // -------- Tag cloud
    if ($targetPage == Router::$PAGE_TAGCLOUD) {
        $tags = $LINKSDB->allTags();
        // We sort tags alphabetically, then choose a font size according to count.
        // First, find max value.
        $maxcount = 0;
        foreach ($tags as $key => $value) {
            $maxcount = max($maxcount, $value);
        }
        ksort($tags);
        $tagList = array();
        foreach ($tags as $key => $value) {
            $tagList[$key] = array('count' => $value, 'size' => log($value, 15) / log($maxcount, 30) * (22 - 6) + 6);
        }
        $data = array('linkcount' => count($LINKSDB), 'tags' => $tagList);
        $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
        }
        $PAGE->renderPage('tagcloud');
        exit;
    }
    // Daily page.
    if ($targetPage == Router::$PAGE_DAILY) {
        showDaily($PAGE);
    }
    // Display openseach plugin (XML)
    if ($targetPage == Router::$PAGE_OPENSEARCH) {
        header('Content-Type: application/xml; charset=utf-8');
        $PAGE->assign('serverurl', index_url($_SERVER));
        $PAGE->renderPage('opensearch');
        exit;
    }
    // -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
    if (isset($_GET['addtag'])) {
        // Get previous URL (http_referer) and add the tag to the searchtags parameters in query.
        if (empty($_SERVER['HTTP_REFERER'])) {
            header('Location: ?searchtags=' . urlencode($_GET['addtag']));
            exit;
        }
        // In case browser does not send HTTP_REFERER
        parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $params);
        // Prevent redirection loop
        if (isset($params['addtag'])) {
            unset($params['addtag']);
        }
        // Check if this tag is already in the search query and ignore it if it is.
        // Each tag is always separated by a space
        if (isset($params['searchtags'])) {
            $current_tags = explode(' ', $params['searchtags']);
        } else {
            $current_tags = array();
        }
        $addtag = true;
        foreach ($current_tags as $value) {
            if ($value === $_GET['addtag']) {
                $addtag = false;
                break;
            }
        }
        // Append the tag if necessary
        if (empty($params['searchtags'])) {
            $params['searchtags'] = trim($_GET['addtag']);
        } else {
            if ($addtag) {
                $params['searchtags'] = trim($params['searchtags']) . ' ' . trim($_GET['addtag']);
            }
        }
        unset($params['page']);
        // We also remove page (keeping the same page has no sense, since the results are different)
        header('Location: ?' . http_build_query($params));
        exit;
    }
    // -------- User clicks on a tag in result count: Remove the tag from the list of searched tags (searchtags=...)
    if (isset($_GET['removetag'])) {
        // Get previous URL (http_referer) and remove the tag from the searchtags parameters in query.
        if (empty($_SERVER['HTTP_REFERER'])) {
            header('Location: ?');
            exit;
        }
        // In case browser does not send HTTP_REFERER
        parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $params);
        // Prevent redirection loop
        if (isset($params['removetag'])) {
            unset($params['removetag']);
        }
        if (isset($params['searchtags'])) {
            $tags = explode(' ', $params['searchtags']);
            // Remove value from array $tags.
            $tags = array_diff($tags, array($_GET['removetag']));
            $params['searchtags'] = implode(' ', $tags);
            if (empty($params['searchtags'])) {
                unset($params['searchtags']);
            }
            unset($params['page']);
            // We also remove page (keeping the same page has no sense, since the results are different)
        }
        header('Location: ?' . http_build_query($params));
        exit;
    }
    // -------- User wants to change the number of links per page (linksperpage=...)
    if (isset($_GET['linksperpage'])) {
        if (is_numeric($_GET['linksperpage'])) {
            $_SESSION['LINKS_PER_PAGE'] = abs(intval($_GET['linksperpage']));
        }
        header('Location: ' . generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('linksperpage')));
        exit;
    }
    // -------- User wants to see only private links (toggle)
    if (isset($_GET['privateonly'])) {
        if (empty($_SESSION['privateonly'])) {
            $_SESSION['privateonly'] = 1;
            // See only private links
        } else {
            unset($_SESSION['privateonly']);
            // See all links
        }
        header('Location: ' . generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('privateonly')));
        exit;
    }
    // -------- Handle other actions allowed for non-logged in users:
    if (!isLoggedIn()) {
        // User tries to post new link but is not logged in:
        // Show login screen, then redirect to ?post=...
        if (isset($_GET['post'])) {
            header('Location: ?do=login&post=' . urlencode($_GET['post']) . (!empty($_GET['title']) ? '&title=' . urlencode($_GET['title']) : '') . (!empty($_GET['description']) ? '&description=' . urlencode($_GET['description']) : '') . (!empty($_GET['source']) ? '&source=' . urlencode($_GET['source']) : ''));
            // Redirect to login page, then back to post link.
            exit;
        }
        // Same case as above except that user tried to access ?do=addlink without being logged in
        // Note: passing empty parameters makes Shaarli generate default URLs and descriptions.
        if (isset($_GET['do']) && $_GET['do'] === 'addlink') {
            header('Location: ?do=login&post=');
            exit;
        }
        showLinkList($PAGE, $LINKSDB);
        if (isset($_GET['edit_link'])) {
            header('Location: ?do=login&edit_link=' . escape($_GET['edit_link']));
            exit;
        }
        exit;
        // Never remove this one! All operations below are reserved for logged in user.
    }
    // -------- All other functions are reserved for the registered user:
    // -------- Display the Tools menu if requested (import/export/bookmarklet...)
    if ($targetPage == Router::$PAGE_TOOLS) {
        $data = array('linkcount' => count($LINKSDB), 'pageabsaddr' => index_url($_SERVER));
        $pluginManager->executeHooks('render_tools', $data);
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
        }
        $PAGE->renderPage('tools');
        exit;
    }
    // -------- User wants to change his/her password.
    if ($targetPage == Router::$PAGE_CHANGEPASSWORD) {
        if ($GLOBALS['config']['OPEN_SHAARLI']) {
            die('You are not supposed to change a password on an Open Shaarli.');
        }
        if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) {
            if (!tokenOk($_POST['token'])) {
                die('Wrong token.');
            }
            // Go away!
            // Make sure old password is correct.
            $oldhash = sha1($_POST['oldpassword'] . $GLOBALS['login'] . $GLOBALS['salt']);
            if ($oldhash != $GLOBALS['hash']) {
                echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>';
                exit;
            }
            // Save new password
            $GLOBALS['salt'] = sha1(uniqid('', true) . '_' . mt_rand());
            // Salt renders rainbow-tables attacks useless.
            $GLOBALS['hash'] = sha1($_POST['setpassword'] . $GLOBALS['login'] . $GLOBALS['salt']);
            try {
                writeConfig($GLOBALS, isLoggedIn());
            } catch (Exception $e) {
                error_log('ERROR while writing config file after changing password.' . PHP_EOL . $e->getMessage());
                // TODO: do not handle exceptions/errors in JS.
                echo '<script>alert("' . $e->getMessage() . '");document.location=\'?do=tools\';</script>';
                exit;
            }
            echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
            exit;
        } else {
            $PAGE->assign('linkcount', count($LINKSDB));
            $PAGE->assign('token', getToken());
            $PAGE->renderPage('changepassword');
            exit;
        }
    }
    // -------- User wants to change configuration
    if ($targetPage == Router::$PAGE_CONFIGURE) {
        if (!empty($_POST['title'])) {
            if (!tokenOk($_POST['token'])) {
                die('Wrong token.');
            }
            // Go away!
            $tz = 'UTC';
            if (!empty($_POST['continent']) && !empty($_POST['city'])) {
                if (isTimeZoneValid($_POST['continent'], $_POST['city'])) {
                    $tz = $_POST['continent'] . '/' . $_POST['city'];
                }
            }
            $GLOBALS['timezone'] = $tz;
            $GLOBALS['title'] = $_POST['title'];
            $GLOBALS['titleLink'] = $_POST['titleLink'];
            $GLOBALS['redirector'] = $_POST['redirector'];
            $GLOBALS['disablesessionprotection'] = !empty($_POST['disablesessionprotection']);
            $GLOBALS['privateLinkByDefault'] = !empty($_POST['privateLinkByDefault']);
            $GLOBALS['config']['ENABLE_RSS_PERMALINKS'] = !empty($_POST['enableRssPermalinks']);
            $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
            $GLOBALS['config']['HIDE_PUBLIC_LINKS'] = !empty($_POST['hidePublicLinks']);
            try {
                writeConfig($GLOBALS, isLoggedIn());
            } catch (Exception $e) {
                error_log('ERROR while writing config file after configuration update.' . PHP_EOL . $e->getMessage());
                // TODO: do not handle exceptions/errors in JS.
                echo '<script>alert("' . $e->getMessage() . '");document.location=\'?do=tools\';</script>';
                exit;
            }
            echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
            exit;
        } else {
            $PAGE->assign('linkcount', count($LINKSDB));
            $PAGE->assign('token', getToken());
            $PAGE->assign('title', empty($GLOBALS['title']) ? '' : $GLOBALS['title']);
            $PAGE->assign('redirector', empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector']);
            list($timezone_form, $timezone_js) = generateTimeZoneForm($GLOBALS['timezone']);
            $PAGE->assign('timezone_form', $timezone_form);
            $PAGE->assign('timezone_js', $timezone_js);
            $PAGE->renderPage('configure');
            exit;
        }
    }
    // -------- User wants to rename a tag or delete it
    if ($targetPage == Router::$PAGE_CHANGETAG) {
        if (empty($_POST['fromtag']) || empty($_POST['totag']) && isset($_POST['renametag'])) {
            $PAGE->assign('linkcount', count($LINKSDB));
            $PAGE->assign('token', getToken());
            $PAGE->assign('tags', $LINKSDB->allTags());
            $PAGE->renderPage('changetag');
            exit;
        }
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        }
        // Delete a tag:
        if (isset($_POST['deletetag']) && !empty($_POST['fromtag'])) {
            $needle = trim($_POST['fromtag']);
            // True for case-sensitive tag search.
            $linksToAlter = $LINKSDB->filter(LinkFilter::$FILTER_TAG, $needle, true);
            foreach ($linksToAlter as $key => $value) {
                $tags = explode(' ', trim($value['tags']));
                unset($tags[array_search($needle, $tags)]);
                // Remove tag.
                $value['tags'] = trim(implode(' ', $tags));
                $LINKSDB[$key] = $value;
            }
            $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
            echo '<script>alert("Tag was removed from ' . count($linksToAlter) . ' links.");document.location=\'?\';</script>';
            exit;
        }
        // Rename a tag:
        if (isset($_POST['renametag']) && !empty($_POST['fromtag']) && !empty($_POST['totag'])) {
            $needle = trim($_POST['fromtag']);
            // True for case-sensitive tag search.
            $linksToAlter = $LINKSDB->filter(LinkFilter::$FILTER_TAG, $needle, true);
            foreach ($linksToAlter as $key => $value) {
                $tags = explode(' ', trim($value['tags']));
                $tags[array_search($needle, $tags)] = trim($_POST['totag']);
                // Replace tags value.
                $value['tags'] = trim(implode(' ', $tags));
                $LINKSDB[$key] = $value;
            }
            $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
            // Save to disk.
            echo '<script>alert("Tag was renamed in ' . count($linksToAlter) . ' links.");document.location=\'?searchtags=' . urlencode($_POST['totag']) . '\';</script>';
            exit;
        }
    }
    // -------- User wants to add a link without using the bookmarklet: Show form.
    if ($targetPage == Router::$PAGE_ADDLINK) {
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->renderPage('addlink');
        exit;
    }
    // -------- User clicked the "Save" button when editing a link: Save link to database.
    if (isset($_POST['save_edit'])) {
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        }
        // Go away!
        $tags = trim(preg_replace('/\\s\\s+/', ' ', $_POST['lf_tags']));
        // Remove multiple spaces.
        $tags = implode(' ', array_unique(explode(' ', $tags)));
        // Remove duplicates.
        $linkdate = $_POST['lf_linkdate'];
        $url = trim($_POST['lf_url']);
        if (!startsWith($url, 'http:') && !startsWith($url, 'https:') && !startsWith($url, 'ftp:') && !startsWith($url, 'magnet:') && !startsWith($url, '?') && !startsWith($url, 'javascript:')) {
            $url = 'http://' . $url;
        }
        $link = array('title' => trim($_POST['lf_title']), 'url' => $url, 'description' => trim($_POST['lf_description']), 'private' => isset($_POST['lf_private']) ? 1 : 0, 'linkdate' => $linkdate, 'tags' => str_replace(',', ' ', $tags));
        if ($link['title'] == '') {
            $link['title'] = $link['url'];
        }
        // If title is empty, use the URL as title.
        $pluginManager->executeHooks('save_link', $link);
        $LINKSDB[$linkdate] = $link;
        $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
        // Save to disk.
        pubsubhub();
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && ($_GET['source'] == 'bookmarklet' || $_GET['source'] == 'firefoxsocialapi')) {
            echo '<script>self.close();</script>';
            exit;
        }
        $returnurl = !empty($_POST['returnurl']) ? escape($_POST['returnurl']) : '?';
        $location = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
        $location .= '#' . smallHash($_POST['lf_linkdate']);
        // Scroll to the link which has been edited.
        header('Location: ' . $location);
        // After saving the link, redirect to the page the user was on.
        exit;
    }
    // -------- User clicked the "Cancel" button when editing a link.
    if (isset($_POST['cancel_edit'])) {
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && ($_GET['source'] == 'bookmarklet' || $_GET['source'] == 'firefoxsocialapi')) {
            echo '<script>self.close();</script>';
            exit;
        }
        $returnurl = isset($_POST['returnurl']) ? $_POST['returnurl'] : '?';
        $returnurl .= '#' . smallHash($_POST['lf_linkdate']);
        // Scroll to the link which has been edited.
        $returnurl = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
        header('Location: ' . $returnurl);
        // After canceling, redirect to the page the user was on.
        exit;
    }
    // -------- User clicked the "Delete" button when editing a link: Delete link from database.
    if (isset($_POST['delete_link'])) {
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        }
        // We do not need to ask for confirmation:
        // - confirmation is handled by JavaScript
        // - we are protected from XSRF by the token.
        $linkdate = $_POST['lf_linkdate'];
        $pluginManager->executeHooks('delete_link', $LINKSDB[$linkdate]);
        unset($LINKSDB[$linkdate]);
        $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
        // save to disk
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && ($_GET['source'] == 'bookmarklet' || $_GET['source'] == 'firefoxsocialapi')) {
            echo '<script>self.close();</script>';
            exit;
        }
        // Pick where we're going to redirect
        // =============================================================
        // Basically, we can't redirect to where we were previously if it was a permalink
        // or an edit_link, because it would 404.
        // Cases:
        //    - /             : nothing in $_GET, redirect to self
        //    - /?page        : redirect to self
        //    - /?searchterm  : redirect to self (there might be other links)
        //    - /?searchtags  : redirect to self
        //    - /permalink    : redirect to / (the link does not exist anymore)
        //    - /?edit_link   : redirect to / (the link does not exist anymore)
        // PHP treats the permalink as a $_GET variable, so we need to check if every condition for self
        // redirect is not satisfied, and only then redirect to /
        $location = "?";
        // Self redirection
        if (count($_GET) == 0 || isset($_GET['page']) || isset($_GET['searchterm']) || isset($_GET['searchtags'])) {
            if (isset($_POST['returnurl'])) {
                $location = $_POST['returnurl'];
                // Handle redirects given by the form
            } else {
                $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('delete_link'));
            }
        }
        header('Location: ' . $location);
        // After deleting the link, redirect to appropriate location
        exit;
    }
    // -------- User clicked the "EDIT" button on a link: Display link edit form.
    if (isset($_GET['edit_link'])) {
        $link = $LINKSDB[$_GET['edit_link']];
        // Read database
        if (!$link) {
            header('Location: ?');
            exit;
        }
        // Link not found in database.
        $data = array('linkcount' => count($LINKSDB), 'link' => $link, 'link_is_new' => false, 'token' => getToken(), 'http_referer' => isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : '', 'tags' => $LINKSDB->allTags());
        $pluginManager->executeHooks('render_editlink', $data);
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
        }
        $PAGE->renderPage('editlink');
        exit;
    }
    // -------- User want to post a new link: Display link edit form.
    if (isset($_GET['post'])) {
        $url = cleanup_url(escape($_GET['post']));
        $link_is_new = false;
        // Check if URL is not already in database (in this case, we will edit the existing link)
        $link = $LINKSDB->getLinkFromUrl($url);
        if (!$link) {
            $link_is_new = true;
            $linkdate = strval(date('Ymd_His'));
            // Get title if it was provided in URL (by the bookmarklet).
            $title = empty($_GET['title']) ? '' : escape($_GET['title']);
            // Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
            $description = empty($_GET['description']) ? '' : escape($_GET['description']);
            $tags = empty($_GET['tags']) ? '' : escape($_GET['tags']);
            $private = !empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0;
            // If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.)
            if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) {
                // Short timeout to keep the application responsive
                list($headers, $content) = get_http_response($url, 4);
                if (strpos($headers[0], '200 OK') !== false) {
                    // Retrieve charset.
                    $charset = get_charset($headers, $content);
                    // Extract title.
                    $title = html_extract_title($content);
                    // Re-encode title in utf-8 if necessary.
                    if (!empty($title) && $charset != 'utf-8') {
                        $title = mb_convert_encoding($title, $charset, 'utf-8');
                    }
                }
            }
            if ($url == '') {
                $url = '?' . smallHash($linkdate);
                $title = 'Note: ';
            }
            $link = array('linkdate' => $linkdate, 'title' => $title, 'url' => $url, 'description' => $description, 'tags' => $tags, 'private' => $private);
        }
        $data = array('linkcount' => count($LINKSDB), 'link' => $link, 'link_is_new' => $link_is_new, 'token' => getToken(), 'http_referer' => isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : '', 'source' => isset($_GET['source']) ? $_GET['source'] : '', 'tags' => $LINKSDB->allTags());
        $pluginManager->executeHooks('render_editlink', $data);
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
        }
        $PAGE->renderPage('editlink');
        exit;
    }
    // -------- Export as Netscape Bookmarks HTML file.
    if ($targetPage == Router::$PAGE_EXPORT) {
        if (empty($_GET['what'])) {
            $PAGE->assign('linkcount', count($LINKSDB));
            $PAGE->renderPage('export');
            exit;
        }
        $exportWhat = $_GET['what'];
        if (!array_intersect(array('all', 'public', 'private'), array($exportWhat))) {
            die('What are you trying to export???');
        }
        header('Content-Type: text/html; charset=utf-8');
        header('Content-disposition: attachment; filename=bookmarks_' . $exportWhat . '_' . strval(date('Ymd_His')) . '.html');
        $currentdate = date('Y/m/d H:i:s');
        echo <<<HTML
<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
     It will be read and overwritten.
     DO NOT EDIT! -->
<!-- Shaarli {$exportWhat} bookmarks export on {$currentdate} -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<TITLE>Bookmarks</TITLE>
<H1>Bookmarks</H1>
HTML;
        foreach ($LINKSDB as $link) {
            if ($exportWhat == 'all' || $exportWhat == 'private' && $link['private'] != 0 || $exportWhat == 'public' && $link['private'] == 0) {
                echo '<DT><A HREF="' . $link['url'] . '" ADD_DATE="' . linkdate2timestamp($link['linkdate']) . '" PRIVATE="' . $link['private'] . '"';
                if ($link['tags'] != '') {
                    echo ' TAGS="' . str_replace(' ', ',', $link['tags']) . '"';
                }
                echo '>' . $link['title'] . "</A>\n";
                if ($link['description'] != '') {
                    echo '<DD>' . $link['description'] . "\n";
                }
            }
        }
        exit;
    }
    // -------- User is uploading a file for import
    if (isset($_SERVER["QUERY_STRING"]) && startswith($_SERVER["QUERY_STRING"], 'do=upload')) {
        // If file is too big, some form field may be missing.
        if (!isset($_POST['token']) || !isset($_FILES) || isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
            $returnurl = empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'];
            echo '<script>alert("The file you are trying to upload is probably bigger than what this webserver can accept (' . getMaxFileSize() . ' bytes). Please upload in smaller chunks.");document.location=\'' . escape($returnurl) . '\';</script>';
            exit;
        }
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        }
        importFile();
        exit;
    }
    // -------- Show upload/import dialog:
    if ($targetPage == Router::$PAGE_IMPORT) {
        $PAGE->assign('linkcount', count($LINKSDB));
        $PAGE->assign('token', getToken());
        $PAGE->assign('maxfilesize', getMaxFileSize());
        $PAGE->renderPage('import');
        exit;
    }
    // -------- Otherwise, simply display search form and links:
    showLinkList($PAGE, $LINKSDB);
    exit;
}
Example #2
0
            // without setup, but there's no reason these should eventually not be
            // part of the database in the sections table.  Kiki does support that
            // already, after all, just the CMS is lacking.
            $controller = Controller::factory($moduleMatches[1]);
            $controller->setObjectId($moduleMatches[2]);
        } else {
            // For all static files
            $controller = Controller::factory('Kiki');
            $controller->setObjectId($matches[1]);
        }
    } else {
        if (preg_match('#^/storage/([^\\.]+)\\.([^x]+)x([^\\.]+)\\.((c?))?#', $requestPath, $matches)) {
            $controller = Controller::factory('Thumbnails');
            $controller->setObjectId($matches);
        } else {
            if (!($controller = Router::findPage($requestPath)) && !($controller = Router::findSection($requestPath))) {
                // Nothing? 404.
                //
                // @todo Add an alias controller here, functioning quite like the
                // tinyURL controller but then with database stored URI aliases.
                //
                // The CMS module (and possibly the site itself when an administrator is
                // logged in) should then warn about aliases that conflict with
                // top-level pages (and vice versa), and possibly tinyURLs but those
                // might need a technical solution beyond risk management due to their
                // automatic generation.
                $controller = new Controller\NotFound404();
            }
        }
    }
}
Example #3
0
function renderPage()
{
    $LINKSDB = new LinkDB($GLOBALS['config']['DATASTORE'], isLoggedIn(), $GLOBALS['config']['HIDE_PUBLIC_LINKS'], $GLOBALS['redirector'], $GLOBALS['config']['REDIRECTOR_URLENCODE']);
    $updater = new Updater(read_updates_file($GLOBALS['config']['UPDATES_FILE']), $GLOBALS, $LINKSDB, isLoggedIn());
    try {
        $newUpdates = $updater->update();
        if (!empty($newUpdates)) {
            write_updates_file($GLOBALS['config']['UPDATES_FILE'], $updater->getDoneUpdates());
        }
    } catch (Exception $e) {
        die($e->getMessage());
    }
    $PAGE = new PageBuilder();
    $PAGE->assign('linkcount', count($LINKSDB));
    $PAGE->assign('privateLinkcount', count_private($LINKSDB));
    // Determine which page will be rendered.
    $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    $targetPage = Router::findPage($query, $_GET, isLoggedIn());
    // Call plugin hooks for header, footer and includes, specifying which page will be rendered.
    // Then assign generated data to RainTPL.
    $common_hooks = array('includes', 'header', 'footer');
    $pluginManager = PluginManager::getInstance();
    foreach ($common_hooks as $name) {
        $plugin_data = array();
        $pluginManager->executeHooks('render_' . $name, $plugin_data, array('target' => $targetPage, 'loggedin' => isLoggedIn()));
        $PAGE->assign('plugins_' . $name, $plugin_data);
    }
    // -------- Display login form.
    if ($targetPage == Router::$PAGE_LOGIN) {
        if ($GLOBALS['config']['OPEN_SHAARLI']) {
            header('Location: ?');
            exit;
        }
        // No need to login for open Shaarli
        $token = '';
        if (ban_canLogin()) {
            $token = getToken();
        }
        // Do not waste token generation if not useful.
        $PAGE->assign('token', $token);
        if (isset($_GET['username'])) {
            $PAGE->assign('username', escape($_GET['username']));
        }
        $PAGE->assign('returnurl', isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : '');
        $PAGE->renderPage('loginform');
        exit;
    }
    // -------- User wants to logout.
    if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout')) {
        invalidateCaches($GLOBALS['config']['PAGECACHE']);
        logout();
        header('Location: ?');
        exit;
    }
    // -------- Picture wall
    if ($targetPage == Router::$PAGE_PICWALL) {
        // Optionally filter the results:
        $links = $LINKSDB->filterSearch($_GET);
        $linksToDisplay = array();
        // Get only links which have a thumbnail.
        foreach ($links as $link) {
            $permalink = '?' . escape(smallhash($link['linkdate']));
            $thumb = lazyThumbnail($link['url'], $permalink);
            if ($thumb != '') {
                $link['thumbnail'] = $thumb;
                // Thumbnail HTML code.
                $linksToDisplay[] = $link;
                // Add to array.
            }
        }
        $data = array('linksToDisplay' => $linksToDisplay);
        $pluginManager->executeHooks('render_picwall', $data, array('loggedin' => isLoggedIn()));
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
        }
        $PAGE->renderPage('picwall');
        exit;
    }
    // -------- Tag cloud
    if ($targetPage == Router::$PAGE_TAGCLOUD) {
        $tags = $LINKSDB->allTags();
        // We sort tags alphabetically, then choose a font size according to count.
        // First, find max value.
        $maxcount = 0;
        foreach ($tags as $value) {
            $maxcount = max($maxcount, $value);
        }
        // Sort tags alphabetically: case insensitive, support locale if avalaible.
        uksort($tags, function ($a, $b) {
            // Collator is part of PHP intl.
            if (class_exists('Collator')) {
                $c = new Collator(setlocale(LC_COLLATE, 0));
                if (!intl_is_failure(intl_get_error_code())) {
                    return $c->compare($a, $b);
                }
            }
            return strcasecmp($a, $b);
        });
        $tagList = array();
        foreach ($tags as $key => $value) {
            // Tag font size scaling:
            //   default 15 and 30 logarithm bases affect scaling,
            //   22 and 6 are arbitrary font sizes for max and min sizes.
            $size = log($value, 15) / log($maxcount, 30) * 2.2 + 0.8;
            $tagList[$key] = array('count' => $value, 'size' => number_format($size, 2, '.', ''));
        }
        $data = array('tags' => $tagList);
        $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
        }
        $PAGE->renderPage('tagcloud');
        exit;
    }
    // Daily page.
    if ($targetPage == Router::$PAGE_DAILY) {
        showDaily($PAGE, $LINKSDB);
    }
    // ATOM and RSS feed.
    if ($targetPage == Router::$PAGE_FEED_ATOM || $targetPage == Router::$PAGE_FEED_RSS) {
        $feedType = $targetPage == Router::$PAGE_FEED_RSS ? FeedBuilder::$FEED_RSS : FeedBuilder::$FEED_ATOM;
        header('Content-Type: application/' . $feedType . '+xml; charset=utf-8');
        // Cache system
        $query = $_SERVER['QUERY_STRING'];
        $cache = new CachedPage($GLOBALS['config']['PAGECACHE'], page_url($_SERVER), startsWith($query, 'do=' . $targetPage) && !isLoggedIn());
        $cached = $cache->cachedVersion();
        if (!empty($cached)) {
            echo $cached;
            exit;
        }
        // Generate data.
        $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, isLoggedIn());
        $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
        $feedGenerator->setHideDates($GLOBALS['config']['HIDE_TIMESTAMPS'] && !isLoggedIn());
        $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$GLOBALS['config']['ENABLE_RSS_PERMALINKS']);
        if (!empty($GLOBALS['config']['PUBSUBHUB_URL'])) {
            $feedGenerator->setPubsubhubUrl($GLOBALS['config']['PUBSUBHUB_URL']);
        }
        $data = $feedGenerator->buildData();
        // Process plugin hook.
        $pluginManager = PluginManager::getInstance();
        $pluginManager->executeHooks('render_feed', $data, array('loggedin' => isLoggedIn(), 'target' => $targetPage));
        // Render the template.
        $PAGE->assignAll($data);
        $PAGE->renderPage('feed.' . $feedType);
        $cache->cache(ob_get_contents());
        ob_end_flush();
        exit;
    }
    // Display openseach plugin (XML)
    if ($targetPage == Router::$PAGE_OPENSEARCH) {
        header('Content-Type: application/xml; charset=utf-8');
        $PAGE->assign('serverurl', index_url($_SERVER));
        $PAGE->renderPage('opensearch');
        exit;
    }
    // -------- User clicks on a tag in a link: The tag is added to the list of searched tags (searchtags=...)
    if (isset($_GET['addtag'])) {
        // Get previous URL (http_referer) and add the tag to the searchtags parameters in query.
        if (empty($_SERVER['HTTP_REFERER'])) {
            header('Location: ?searchtags=' . urlencode($_GET['addtag']));
            exit;
        }
        // In case browser does not send HTTP_REFERER
        parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $params);
        // Prevent redirection loop
        if (isset($params['addtag'])) {
            unset($params['addtag']);
        }
        // Check if this tag is already in the search query and ignore it if it is.
        // Each tag is always separated by a space
        if (isset($params['searchtags'])) {
            $current_tags = explode(' ', $params['searchtags']);
        } else {
            $current_tags = array();
        }
        $addtag = true;
        foreach ($current_tags as $value) {
            if ($value === $_GET['addtag']) {
                $addtag = false;
                break;
            }
        }
        // Append the tag if necessary
        if (empty($params['searchtags'])) {
            $params['searchtags'] = trim($_GET['addtag']);
        } else {
            if ($addtag) {
                $params['searchtags'] = trim($params['searchtags']) . ' ' . trim($_GET['addtag']);
            }
        }
        unset($params['page']);
        // We also remove page (keeping the same page has no sense, since the results are different)
        header('Location: ?' . http_build_query($params));
        exit;
    }
    // -------- User clicks on a tag in result count: Remove the tag from the list of searched tags (searchtags=...)
    if (isset($_GET['removetag'])) {
        // Get previous URL (http_referer) and remove the tag from the searchtags parameters in query.
        if (empty($_SERVER['HTTP_REFERER'])) {
            header('Location: ?');
            exit;
        }
        // In case browser does not send HTTP_REFERER
        parse_str(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY), $params);
        // Prevent redirection loop
        if (isset($params['removetag'])) {
            unset($params['removetag']);
        }
        if (isset($params['searchtags'])) {
            $tags = explode(' ', $params['searchtags']);
            // Remove value from array $tags.
            $tags = array_diff($tags, array($_GET['removetag']));
            $params['searchtags'] = implode(' ', $tags);
            if (empty($params['searchtags'])) {
                unset($params['searchtags']);
            }
            unset($params['page']);
            // We also remove page (keeping the same page has no sense, since the results are different)
        }
        header('Location: ?' . http_build_query($params));
        exit;
    }
    // -------- User wants to change the number of links per page (linksperpage=...)
    if (isset($_GET['linksperpage'])) {
        if (is_numeric($_GET['linksperpage'])) {
            $_SESSION['LINKS_PER_PAGE'] = abs(intval($_GET['linksperpage']));
        }
        header('Location: ' . generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('linksperpage')));
        exit;
    }
    // -------- User wants to see only private links (toggle)
    if (isset($_GET['privateonly'])) {
        if (empty($_SESSION['privateonly'])) {
            $_SESSION['privateonly'] = 1;
            // See only private links
        } else {
            unset($_SESSION['privateonly']);
            // See all links
        }
        header('Location: ' . generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('privateonly')));
        exit;
    }
    // -------- Handle other actions allowed for non-logged in users:
    if (!isLoggedIn()) {
        // User tries to post new link but is not logged in:
        // Show login screen, then redirect to ?post=...
        if (isset($_GET['post'])) {
            header('Location: ?do=login&post=' . urlencode($_GET['post']) . (!empty($_GET['title']) ? '&title=' . urlencode($_GET['title']) : '') . (!empty($_GET['description']) ? '&description=' . urlencode($_GET['description']) : '') . (!empty($_GET['source']) ? '&source=' . urlencode($_GET['source']) : ''));
            // Redirect to login page, then back to post link.
            exit;
        }
        showLinkList($PAGE, $LINKSDB);
        if (isset($_GET['edit_link'])) {
            header('Location: ?do=login&edit_link=' . escape($_GET['edit_link']));
            exit;
        }
        exit;
        // Never remove this one! All operations below are reserved for logged in user.
    }
    // -------- All other functions are reserved for the registered user:
    // -------- Display the Tools menu if requested (import/export/bookmarklet...)
    if ($targetPage == Router::$PAGE_TOOLS) {
        $data = array('pageabsaddr' => index_url($_SERVER));
        $pluginManager->executeHooks('render_tools', $data);
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
        }
        $PAGE->renderPage('tools');
        exit;
    }
    // -------- User wants to change his/her password.
    if ($targetPage == Router::$PAGE_CHANGEPASSWORD) {
        if ($GLOBALS['config']['OPEN_SHAARLI']) {
            die('You are not supposed to change a password on an Open Shaarli.');
        }
        if (!empty($_POST['setpassword']) && !empty($_POST['oldpassword'])) {
            if (!tokenOk($_POST['token'])) {
                die('Wrong token.');
            }
            // Go away!
            // Make sure old password is correct.
            $oldhash = sha1($_POST['oldpassword'] . $GLOBALS['login'] . $GLOBALS['salt']);
            if ($oldhash != $GLOBALS['hash']) {
                echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>';
                exit;
            }
            // Save new password
            $GLOBALS['salt'] = sha1(uniqid('', true) . '_' . mt_rand());
            // Salt renders rainbow-tables attacks useless.
            $GLOBALS['hash'] = sha1($_POST['setpassword'] . $GLOBALS['login'] . $GLOBALS['salt']);
            try {
                writeConfig($GLOBALS, isLoggedIn());
            } catch (Exception $e) {
                error_log('ERROR while writing config file after changing password.' . PHP_EOL . $e->getMessage());
                // TODO: do not handle exceptions/errors in JS.
                echo '<script>alert("' . $e->getMessage() . '");document.location=\'?do=tools\';</script>';
                exit;
            }
            echo '<script>alert("Your password has been changed.");document.location=\'?do=tools\';</script>';
            exit;
        } else {
            $PAGE->assign('token', getToken());
            $PAGE->renderPage('changepassword');
            exit;
        }
    }
    // -------- User wants to change configuration
    if ($targetPage == Router::$PAGE_CONFIGURE) {
        if (!empty($_POST['title'])) {
            if (!tokenOk($_POST['token'])) {
                die('Wrong token.');
                // Go away!
            }
            $tz = 'UTC';
            if (!empty($_POST['continent']) && !empty($_POST['city']) && isTimeZoneValid($_POST['continent'], $_POST['city'])) {
                $tz = $_POST['continent'] . '/' . $_POST['city'];
            }
            $GLOBALS['timezone'] = $tz;
            $GLOBALS['title'] = $_POST['title'];
            $GLOBALS['titleLink'] = $_POST['titleLink'];
            $GLOBALS['redirector'] = $_POST['redirector'];
            $GLOBALS['disablesessionprotection'] = !empty($_POST['disablesessionprotection']);
            $GLOBALS['privateLinkByDefault'] = !empty($_POST['privateLinkByDefault']);
            $GLOBALS['config']['ENABLE_RSS_PERMALINKS'] = !empty($_POST['enableRssPermalinks']);
            $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
            $GLOBALS['config']['HIDE_PUBLIC_LINKS'] = !empty($_POST['hidePublicLinks']);
            try {
                writeConfig($GLOBALS, isLoggedIn());
            } catch (Exception $e) {
                error_log('ERROR while writing config file after configuration update.' . PHP_EOL . $e->getMessage());
                // TODO: do not handle exceptions/errors in JS.
                echo '<script>alert("' . $e->getMessage() . '");document.location=\'?do=tools\';</script>';
                exit;
            }
            echo '<script>alert("Configuration was saved.");document.location=\'?do=tools\';</script>';
            exit;
        } else {
            $PAGE->assign('token', getToken());
            $PAGE->assign('title', empty($GLOBALS['title']) ? '' : $GLOBALS['title']);
            $PAGE->assign('redirector', empty($GLOBALS['redirector']) ? '' : $GLOBALS['redirector']);
            list($timezone_form, $timezone_js) = generateTimeZoneForm($GLOBALS['timezone']);
            $PAGE->assign('timezone_form', $timezone_form);
            $PAGE->assign('timezone_js', $timezone_js);
            $PAGE->renderPage('configure');
            exit;
        }
    }
    // -------- User wants to rename a tag or delete it
    if ($targetPage == Router::$PAGE_CHANGETAG) {
        if (empty($_POST['fromtag']) || empty($_POST['totag']) && isset($_POST['renametag'])) {
            $PAGE->assign('token', getToken());
            $PAGE->assign('tags', $LINKSDB->allTags());
            $PAGE->renderPage('changetag');
            exit;
        }
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        }
        // Delete a tag:
        if (isset($_POST['deletetag']) && !empty($_POST['fromtag'])) {
            $needle = trim($_POST['fromtag']);
            // True for case-sensitive tag search.
            $linksToAlter = $LINKSDB->filterSearch(array('searchtags' => $needle), true);
            foreach ($linksToAlter as $key => $value) {
                $tags = explode(' ', trim($value['tags']));
                unset($tags[array_search($needle, $tags)]);
                // Remove tag.
                $value['tags'] = trim(implode(' ', $tags));
                $LINKSDB[$key] = $value;
            }
            $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
            echo '<script>alert("Tag was removed from ' . count($linksToAlter) . ' links.");document.location=\'?\';</script>';
            exit;
        }
        // Rename a tag:
        if (isset($_POST['renametag']) && !empty($_POST['fromtag']) && !empty($_POST['totag'])) {
            $needle = trim($_POST['fromtag']);
            // True for case-sensitive tag search.
            $linksToAlter = $LINKSDB->filterSearch(array('searchtags' => $needle), true);
            foreach ($linksToAlter as $key => $value) {
                $tags = explode(' ', trim($value['tags']));
                $tags[array_search($needle, $tags)] = trim($_POST['totag']);
                // Replace tags value.
                $value['tags'] = trim(implode(' ', $tags));
                $LINKSDB[$key] = $value;
            }
            $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
            // Save to disk.
            echo '<script>alert("Tag was renamed in ' . count($linksToAlter) . ' links.");document.location=\'?searchtags=' . urlencode($_POST['totag']) . '\';</script>';
            exit;
        }
    }
    // -------- User wants to add a link without using the bookmarklet: Show form.
    if ($targetPage == Router::$PAGE_ADDLINK) {
        $PAGE->renderPage('addlink');
        exit;
    }
    // -------- User clicked the "Save" button when editing a link: Save link to database.
    if (isset($_POST['save_edit'])) {
        // Go away!
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        }
        // Remove multiple spaces.
        $tags = trim(preg_replace('/\\s\\s+/', ' ', $_POST['lf_tags']));
        // Remove first '-' char in tags.
        $tags = preg_replace('/(^| )\\-/', '$1', $tags);
        // Remove duplicates.
        $tags = implode(' ', array_unique(explode(' ', $tags)));
        $linkdate = $_POST['lf_linkdate'];
        $url = trim($_POST['lf_url']);
        if (!startsWith($url, 'http:') && !startsWith($url, 'https:') && !startsWith($url, 'ftp:') && !startsWith($url, 'magnet:') && !startsWith($url, '?') && !startsWith($url, 'javascript:')) {
            $url = 'http://' . $url;
        }
        $link = array('title' => trim($_POST['lf_title']), 'url' => $url, 'description' => $_POST['lf_description'], 'private' => isset($_POST['lf_private']) ? 1 : 0, 'linkdate' => $linkdate, 'tags' => str_replace(',', ' ', $tags));
        // If title is empty, use the URL as title.
        if ($link['title'] == '') {
            $link['title'] = $link['url'];
        }
        $pluginManager->executeHooks('save_link', $link);
        $LINKSDB[$linkdate] = $link;
        $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
        pubsubhub();
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && ($_GET['source'] == 'bookmarklet' || $_GET['source'] == 'firefoxsocialapi')) {
            echo '<script>self.close();</script>';
            exit;
        }
        $returnurl = !empty($_POST['returnurl']) ? $_POST['returnurl'] : '?';
        $location = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
        // Scroll to the link which has been edited.
        $location .= '#' . smallHash($_POST['lf_linkdate']);
        // After saving the link, redirect to the page the user was on.
        header('Location: ' . $location);
        exit;
    }
    // -------- User clicked the "Cancel" button when editing a link.
    if (isset($_POST['cancel_edit'])) {
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && ($_GET['source'] == 'bookmarklet' || $_GET['source'] == 'firefoxsocialapi')) {
            echo '<script>self.close();</script>';
            exit;
        }
        $returnurl = isset($_POST['returnurl']) ? $_POST['returnurl'] : '?';
        $returnurl .= '#' . smallHash($_POST['lf_linkdate']);
        // Scroll to the link which has been edited.
        $returnurl = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
        header('Location: ' . $returnurl);
        // After canceling, redirect to the page the user was on.
        exit;
    }
    // -------- User clicked the "Delete" button when editing a link: Delete link from database.
    if (isset($_POST['delete_link'])) {
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        }
        // We do not need to ask for confirmation:
        // - confirmation is handled by JavaScript
        // - we are protected from XSRF by the token.
        $linkdate = $_POST['lf_linkdate'];
        $pluginManager->executeHooks('delete_link', $LINKSDB[$linkdate]);
        unset($LINKSDB[$linkdate]);
        $LINKSDB->savedb($GLOBALS['config']['PAGECACHE']);
        // save to disk
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && ($_GET['source'] == 'bookmarklet' || $_GET['source'] == 'firefoxsocialapi')) {
            echo '<script>self.close();</script>';
            exit;
        }
        // Pick where we're going to redirect
        // =============================================================
        // Basically, we can't redirect to where we were previously if it was a permalink
        // or an edit_link, because it would 404.
        // Cases:
        //    - /             : nothing in $_GET, redirect to self
        //    - /?page        : redirect to self
        //    - /?searchterm  : redirect to self (there might be other links)
        //    - /?searchtags  : redirect to self
        //    - /permalink    : redirect to / (the link does not exist anymore)
        //    - /?edit_link   : redirect to / (the link does not exist anymore)
        // PHP treats the permalink as a $_GET variable, so we need to check if every condition for self
        // redirect is not satisfied, and only then redirect to /
        $location = "?";
        // Self redirection
        if (count($_GET) == 0 || isset($_GET['page']) || isset($_GET['searchterm']) || isset($_GET['searchtags'])) {
            if (isset($_POST['returnurl'])) {
                $location = $_POST['returnurl'];
                // Handle redirects given by the form
            } else {
                $location = generateLocation($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'], array('delete_link'));
            }
        }
        header('Location: ' . $location);
        // After deleting the link, redirect to appropriate location
        exit;
    }
    // -------- User clicked the "EDIT" button on a link: Display link edit form.
    if (isset($_GET['edit_link'])) {
        $link = $LINKSDB[$_GET['edit_link']];
        // Read database
        if (!$link) {
            header('Location: ?');
            exit;
        }
        // Link not found in database.
        $data = array('link' => $link, 'link_is_new' => false, 'token' => getToken(), 'http_referer' => isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : '', 'tags' => $LINKSDB->allTags());
        $pluginManager->executeHooks('render_editlink', $data);
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
        }
        $PAGE->renderPage('editlink');
        exit;
    }
    // -------- User want to post a new link: Display link edit form.
    if (isset($_GET['post'])) {
        $url = cleanup_url($_GET['post']);
        $link_is_new = false;
        // Check if URL is not already in database (in this case, we will edit the existing link)
        $link = $LINKSDB->getLinkFromUrl($url);
        if (!$link) {
            $link_is_new = true;
            $linkdate = strval(date('Ymd_His'));
            // Get title if it was provided in URL (by the bookmarklet).
            $title = empty($_GET['title']) ? '' : escape($_GET['title']);
            // Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
            $description = empty($_GET['description']) ? '' : escape($_GET['description']);
            $tags = empty($_GET['tags']) ? '' : escape($_GET['tags']);
            $private = !empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0;
            // If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.)
            if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) {
                // Short timeout to keep the application responsive
                list($headers, $content) = get_http_response($url, 4);
                if (strpos($headers[0], '200 OK') !== false) {
                    // Retrieve charset.
                    $charset = get_charset($headers, $content);
                    // Extract title.
                    $title = html_extract_title($content);
                    // Re-encode title in utf-8 if necessary.
                    if (!empty($title) && strtolower($charset) != 'utf-8') {
                        $title = mb_convert_encoding($title, 'utf-8', $charset);
                    }
                }
            }
            if ($url == '') {
                $url = '?' . smallHash($linkdate);
                $title = 'Note: ';
            }
            $url = escape($url);
            $title = escape($title);
            $link = array('linkdate' => $linkdate, 'title' => $title, 'url' => $url, 'description' => $description, 'tags' => $tags, 'private' => $private);
        }
        $data = array('link' => $link, 'link_is_new' => $link_is_new, 'token' => getToken(), 'http_referer' => isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : '', 'source' => isset($_GET['source']) ? $_GET['source'] : '', 'tags' => $LINKSDB->allTags());
        $pluginManager->executeHooks('render_editlink', $data);
        foreach ($data as $key => $value) {
            $PAGE->assign($key, $value);
        }
        $PAGE->renderPage('editlink');
        exit;
    }
    if ($targetPage == Router::$PAGE_EXPORT) {
        // Export links as a Netscape Bookmarks file
        if (empty($_GET['selection'])) {
            $PAGE->renderPage('export');
            exit;
        }
        // export as bookmarks_(all|private|public)_YYYYmmdd_HHMMSS.html
        $selection = $_GET['selection'];
        if (isset($_GET['prepend_note_url'])) {
            $prependNoteUrl = $_GET['prepend_note_url'];
        } else {
            $prependNoteUrl = false;
        }
        try {
            $PAGE->assign('links', NetscapeBookmarkUtils::filterAndFormat($LINKSDB, $selection, $prependNoteUrl, index_url($_SERVER)));
        } catch (Exception $exc) {
            header('Content-Type: text/plain; charset=utf-8');
            echo $exc->getMessage();
            exit;
        }
        $now = new DateTime();
        header('Content-Type: text/html; charset=utf-8');
        header('Content-disposition: attachment; filename=bookmarks_' . $selection . '_' . $now->format(LinkDB::LINK_DATE_FORMAT) . '.html');
        $PAGE->assign('date', $now->format(DateTime::RFC822));
        $PAGE->assign('eol', PHP_EOL);
        $PAGE->assign('selection', $selection);
        $PAGE->renderPage('export.bookmarks');
        exit;
    }
    // -------- User is uploading a file for import
    if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=upload')) {
        // If file is too big, some form field may be missing.
        if (!isset($_POST['token']) || !isset($_FILES) || isset($_FILES['filetoupload']['size']) && $_FILES['filetoupload']['size'] == 0) {
            $returnurl = empty($_SERVER['HTTP_REFERER']) ? '?' : $_SERVER['HTTP_REFERER'];
            echo '<script>alert("The file you are trying to upload is probably bigger than what this webserver can accept (' . getMaxFileSize() . ' bytes). Please upload in smaller chunks.");document.location=\'' . escape($returnurl) . '\';</script>';
            exit;
        }
        if (!tokenOk($_POST['token'])) {
            die('Wrong token.');
        }
        importFile($LINKSDB);
        exit;
    }
    // -------- Show upload/import dialog:
    if ($targetPage == Router::$PAGE_IMPORT) {
        $PAGE->assign('token', getToken());
        $PAGE->assign('maxfilesize', getMaxFileSize());
        $PAGE->renderPage('import');
        exit;
    }
    // Plugin administration page
    if ($targetPage == Router::$PAGE_PLUGINSADMIN) {
        $pluginMeta = $pluginManager->getPluginsMeta();
        // Split plugins into 2 arrays: ordered enabled plugins and disabled.
        $enabledPlugins = array_filter($pluginMeta, function ($v) {
            return $v['order'] !== false;
        });
        // Load parameters.
        $enabledPlugins = load_plugin_parameter_values($enabledPlugins, $GLOBALS['plugins']);
        uasort($enabledPlugins, function ($a, $b) {
            return $a['order'] - $b['order'];
        });
        $disabledPlugins = array_filter($pluginMeta, function ($v) {
            return $v['order'] === false;
        });
        $PAGE->assign('enabledPlugins', $enabledPlugins);
        $PAGE->assign('disabledPlugins', $disabledPlugins);
        $PAGE->renderPage('pluginsadmin');
        exit;
    }
    // Plugin administration form action
    if ($targetPage == Router::$PAGE_SAVE_PLUGINSADMIN) {
        try {
            if (isset($_POST['parameters_form'])) {
                unset($_POST['parameters_form']);
                foreach ($_POST as $param => $value) {
                    $GLOBALS['plugins'][$param] = escape($value);
                }
            } else {
                $GLOBALS['config']['ENABLED_PLUGINS'] = save_plugin_config($_POST);
            }
            writeConfig($GLOBALS, isLoggedIn());
        } catch (Exception $e) {
            error_log('ERROR while saving plugin configuration:.' . PHP_EOL . $e->getMessage());
            // TODO: do not handle exceptions/errors in JS.
            echo '<script>alert("' . $e->getMessage() . '");document.location=\'?do=' . Router::$PAGE_PLUGINSADMIN . '\';</script>';
            exit;
        }
        header('Location: ?do=' . Router::$PAGE_PLUGINSADMIN);
        exit;
    }
    // -------- Otherwise, simply display search form and links:
    showLinkList($PAGE, $LINKSDB);
    exit;
}
Example #4
0
 /**
  * Test findPage: editlink page output.
  * Invalid: page shouldn't be return.
  *
  * @return void
  */
 public function testFindPageEditlinkInvalid()
 {
     $this->assertNotEquals(Router::$PAGE_EDITLINK, Router::findPage('whatever', array('edit_link' => 1), false));
     $this->assertNotEquals(Router::$PAGE_EDITLINK, Router::findPage('whatever', array('edit_link' => 1), 1));
     $this->assertNotEquals(Router::$PAGE_EDITLINK, Router::findPage('whatever', array(), true));
 }