From f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0 Mon Sep 17 00:00:00 2001 From: Sebastien SAUVAGE Date: Sat, 3 Aug 2013 22:00:09 +0200 Subject: [PATCH 1/2] SERVER_NAME changed to HTTP_HOST SERVER_NAME changed to HTTP_HOST because SERVER_NAME can cause problems on some misconfigured hosts. HTTP_HOST is usually more reliable with those servers. (cf. http://stackoverflow.com/questions/2297403/http-host-vs-server-name). This should cause less problem on most hosts. --- index.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/index.php b/index.php index 1d13e55..8b5c912 100644 --- a/index.php +++ b/index.php @@ -41,7 +41,7 @@ define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in php code. // Force cookie path (but do not change lifetime) $cookie=session_get_cookie_params(); $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; -session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path. +session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path. // Set session parameters on server side. define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. @@ -400,14 +400,14 @@ if (isset($_POST['login'])) $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side. $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; - session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side + session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side // Note: Never forget the trailing slash on the cookie path ! session_regenerate_id(true); // Send cookie with new expiration date to browser. } else // Standard session expiration (=when browser closes) { $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; - session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes" + session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes" session_regenerate_id(true); } // Optional redirect after login: @@ -439,7 +439,7 @@ function serverUrl() { $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection. $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]); - return 'http'.($https?'s':'').'://'.$_SERVER["SERVER_NAME"].$serverport; + return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport; } // Returns the absolute URL of current script, without the query. @@ -1279,7 +1279,7 @@ function renderPage() if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); } // Make sure the referer is from Shaarli itself. $referer = '?'; - if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0) + if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0) $referer = $_SERVER['HTTP_REFERER']; header('Location: '.$referer); exit; @@ -1298,7 +1298,7 @@ function renderPage() } // Make sure the referer is from Shaarli itself. $referer = '?'; - if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0) + if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0) $referer = $_SERVER['HTTP_REFERER']; header('Location: '.$referer); exit; @@ -2009,7 +2009,7 @@ function lazyThumbnail($url,$href=false) function install() { // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. - if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); + if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); // This part makes sure sessions works correctly. From 002ef0e5c8ed2bab38e205a5d54617780f25c3a9 Mon Sep 17 00:00:00 2001 From: Sebastien SAUVAGE Date: Sat, 3 Aug 2013 22:10:04 +0200 Subject: [PATCH 2/2] Better encoding handling in title parsing Thanks to a patch from Le Hollandais Volant. --- index.php | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/index.php b/index.php index 8b5c912..d88f471 100644 --- a/index.php +++ b/index.php @@ -1545,8 +1545,29 @@ function renderPage() { list($status,$headers,$data) = getHTTP($url,4); // Short timeout to keep the application responsive. // FIXME: Decode charset according to specified in either 1) HTTP response headers or 2) in html - if (strpos($status,'200 OK')!==false) $title=html_entity_decode(html_extract_title($data),ENT_QUOTES,'UTF-8'); - + if (strpos($status,'200 OK')!==false) + { + // Look for charset in html header. + preg_match('##Usi', $data, $meta); + + // If found, extract encoding. + if (!empty($meta[0])) + { + // Get encoding specified in header. + preg_match('#charset="?(.*)"#si', $meta[0], $enc); + // If charset not found, use utf-8. + $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8'; + } + else { $html_charset = 'utf-8'; } + + // Extract title + $title = html_extract_title($data); + if (!empty($title)) + { + // Re-encode title in utf-8 if necessary. + $title = ($html_charset == 'iso-8859-1') ? utf8_encode($title) : $title; + } + } } if ($url=='') $url='?'.smallHash($linkdate); // In case of empty URL, this is just a text (with a link that point to itself) $link = array('linkdate'=>$linkdate,'title'=>$title,'url'=>$url,'description'=>$description,'tags'=>$tags,'private'=>0);