Knah-Tsaeb/MyShaarli
Knah-Tsaeb/MyShaarli
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Rename configuration keys and fix GLOBALS in templates

Browse source
This commit is contained in:
ArthurHoaro 2016-05-29 16:10:32 +02:00
parent eeea1c3daa
commit da10377b3c
18 changed files with 350 additions and 323 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
application/ApplicationUtils.php
View file

@ -144,20 +144,19 @@ public static function checkResourcePermissions()
'application',
'inc',
'plugins',
$conf->get('config.RAINTPL_TPL'),
$conf->get('path.raintpl_tpl'),
) as $path) {
if (! is_readable(realpath($path))) {
$errors[] = '"'.$path.'" directory is not readable';
}
}
$datadir = $conf->get('config.DATADIR');
// Check cache and data directories are readable and writeable
foreach (array(
$conf->get('config.CACHEDIR'),
$datadir,
$conf->get('config.PAGECACHE'),
$conf->get('config.RAINTPL_TMP'),
$conf->get('path.thumbnails_cache'),
$conf->get('path.data_dir'),
$conf->get('path.page_cache'),
$conf->get('path.raintpl_tmp'),
) as $path) {
if (! is_readable(realpath($path))) {
$errors[] = '"'.$path.'" directory is not readable';
@ -170,10 +169,10 @@ public static function checkResourcePermissions()
// Check configuration files are readable and writeable
foreach (array(
$conf->getConfigFile(),
$conf->get('config.DATASTORE'),
$conf->get('config.IPBANS_FILENAME'),
$conf->get('config.LOG_FILE'),
$conf->get('config.UPDATECHECK_FILENAME'),
$conf->get('path.datastore'),
$conf->get('path.ban_file'),
$conf->get('path.log'),
$conf->get('path.update_check'),
) as $path) {
if (! is_file(realpath($path))) {
# the file may not exist yet

25
application/PageBuilder.php
View file

@ -34,17 +34,17 @@ private function initialize()
try {
$version = ApplicationUtils::checkUpdate(
shaarli_version,
$conf->get('config.UPDATECHECK_FILENAME'),
$conf->get('config.UPDATECHECK_INTERVAL'),
$conf->get('config.ENABLE_UPDATECHECK'),
$conf->get('path.update_check'),
$conf->get('general.check_updates_interval'),
$conf->get('general.check_updates'),
isLoggedIn(),
$conf->get('config.UPDATECHECK_BRANCH')
$conf->get('general.check_updates_branch')
);
$this->tpl->assign('newVersion', escape($version));
$this->tpl->assign('versionError', '');
} catch (Exception $exc) {
logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], $exc->getMessage());
logm($conf->get('path.log'), $_SERVER['REMOTE_ADDR'], $exc->getMessage());
$this->tpl->assign('newVersion', '');
$this->tpl->assign('versionError', escape($exc->getMessage()));
}
@ -63,20 +63,19 @@ private function initialize()
$this->tpl->assign('scripturl', index_url($_SERVER));
$this->tpl->assign('pagetitle', 'Shaarli');
$this->tpl->assign('privateonly', !empty($_SESSION['privateonly'])); // Show only private links?
if ($conf->exists('title')) {
$this->tpl->assign('pagetitle', $conf->get('title'));
if ($conf->exists('general.title')) {
$this->tpl->assign('pagetitle', $conf->get('general.title'));
}
if ($conf->exists('titleLink')) {
$this->tpl->assign('titleLink', $conf->get('titleLink'));
if ($conf->exists('general.header_link')) {
$this->tpl->assign('titleLink', $conf->get('general.header_link'));
}
if ($conf->exists('pagetitle')) {
$this->tpl->assign('pagetitle', $conf->get('pagetitle'));
}
$this->tpl->assign('shaarlititle', $conf->get('title', 'Shaarli'));
$this->tpl->assign('openshaarli', $conf->get('config.OPEN_SHAARLI', false));
$this->tpl->assign('showatom', $conf->get('config.SHOW_ATOM', false));
$this->tpl->assign('hide_timestamps', $conf->get('config.HIDE_TIMESTAMPS', false));
// FIXME! Globals
$this->tpl->assign('openshaarli', $conf->get('extras.open_shaarli', false));
$this->tpl->assign('showatom', $conf->get('extras.show_atom', false));
$this->tpl->assign('hide_timestamps', $conf->get('extras.hide_timestamps', false));
if (!empty($GLOBALS['plugin_errors'])) {
$this->tpl->assign('plugin_errors', $GLOBALS['plugin_errors']);
}

21
application/Updater.php
View file

@ -109,8 +109,8 @@ public function updateMethodMergeDeprecatedConfigFile()
{
$conf = ConfigManager::getInstance();
if (is_file($conf->get('config.DATADIR') . '/options.php')) {
include $conf->get('config.DATADIR') . '/options.php';
if (is_file($conf->get('path.data_dir') . '/options.php')) {
include $conf->get('path.data_dir') . '/options.php';
// Load GLOBALS into config
$allowedKeys = array_merge(ConfigPhp::$ROOT_KEYS);
@ -121,7 +121,7 @@ public function updateMethodMergeDeprecatedConfigFile()
}
}
$conf->write($this->isLoggedIn);
unlink($conf->get('config.DATADIR').'/options.php');
unlink($conf->get('path.data_dir').'/options.php');
}
return true;
@ -139,14 +139,15 @@ public function updateMethodRenameDashTags()
$link['tags'] = implode(' ', array_unique(LinkFilter::tagsStrToArray($link['tags'], true)));
$this->linkDB[$link['linkdate']] = $link;
}
$this->linkDB->savedb($conf->get('config.PAGECACHE'));
$this->linkDB->savedb($conf->get('path.page_cache'));
return true;
}
/**
* Move old configuration in PHP to the new config system in JSON format.
*
* Will rename 'config.php' into 'config.save.php' and create 'config.json'.
* Will rename 'config.php' into 'config.save.php' and create 'config.json.php'.
* It will also convert legacy setting keys to the new ones.
*/
public function updateMethodConfigToJson()
{
@ -164,15 +165,21 @@ public function updateMethodConfigToJson()
$conf->setConfigIO($configJson);
$conf->reload();
$legacyMap = array_flip(ConfigPhp::$LEGACY_KEYS_MAPPING);
foreach (ConfigPhp::$ROOT_KEYS as $key) {
$conf->set($key, $oldConfig[$key]);
$conf->set($legacyMap[$key], $oldConfig[$key]);
}
// Set sub config keys (config and plugins)
$subConfig = array('config', 'plugins');
foreach ($subConfig as $sub) {
foreach ($oldConfig[$sub] as $key => $value) {
$conf->set($sub .'.'. $key, $value);
if (isset($legacyMap[$sub .'.'. $key])) {
$configKey = $legacyMap[$sub .'.'. $key];
} else {
$configKey = $sub .'.'. $key;
}
$conf->set($configKey, $value);
}
}

33
application/config/ConfigJson.php
View file

@ -7,30 +7,16 @@
*/
class ConfigJson implements ConfigIO
{
/**
* The JSON data is wrapped in a PHP file for security purpose.
* This way, even if the file is accessible, credentials and configuration won't be exposed.
*
* @var string PHP start tag and comment tag.
*/
public static $PHP_HEADER;
public function __construct()
{
// The field can't be initialized directly with concatenation before PHP 5.6.
self::$PHP_HEADER = '<?php /*'. PHP_EOL;
}
/**
* @inheritdoc
*/
function read($filepath)
{
if (! file_exists($filepath) || ! is_readable($filepath)) {
if (! is_readable($filepath)) {
return array();
}
$data = file_get_contents($filepath);
$data = str_replace(self::$PHP_HEADER, '', $data);
$data = str_replace(self::getPhpHeaders(), '', $data);
$data = json_decode($data, true);
if ($data === null) {
$error = json_last_error();
@ -46,7 +32,7 @@ function write($filepath, $conf)
{
// JSON_PRETTY_PRINT is available from PHP 5.4.
$print = defined('JSON_PRETTY_PRINT') ? JSON_PRETTY_PRINT : 0;
$data = self::$PHP_HEADER . json_encode($conf, $print);
$data = self::getPhpHeaders() . json_encode($conf, $print);
if (!file_put_contents($filepath, $data)) {
throw new IOException(
$filepath,
@ -63,4 +49,17 @@ function getExtension()
{
return '.json.php';
}
/**
* The JSON data is wrapped in a PHP file for security purpose.
* This way, even if the file is accessible, credentials and configuration won't be exposed.
*
* Note: this isn't a static field because concatenation isn't supported in field declaration before PHP 5.6.
*
* @return string PHP start tag and comment tag.
*/
public static function getPhpHeaders()
{
return '<?php /*'. PHP_EOL;
}
}

83
application/config/ConfigManager.php
View file

@ -116,6 +116,11 @@ protected function load()
*/
public function get($setting, $default = '')
{
// During the ConfigIO transition, map legacy settings to the new ones.
if ($this->configIO instanceof ConfigPhp && isset(ConfigPhp::$LEGACY_KEYS_MAPPING[$setting])) {
$setting = ConfigPhp::$LEGACY_KEYS_MAPPING[$setting];
}
$settings = explode('.', $setting);
$value = self::getConfig($settings, $this->loadedConfig);
if ($value === self::$NOT_FOUND) {
@ -142,6 +147,11 @@ public function set($setting, $value, $write = false, $isLoggedIn = false)
throw new Exception('Invalid setting key parameter. String expected, got: '. gettype($setting));
}
// During the ConfigIO transition, map legacy settings to the new ones.
if ($this->configIO instanceof ConfigPhp && isset(ConfigPhp::$LEGACY_KEYS_MAPPING[$setting])) {
$setting = ConfigPhp::$LEGACY_KEYS_MAPPING[$setting];
}
$settings = explode('.', $setting);
self::setConfig($settings, $value, $this->loadedConfig);
if ($write) {
@ -160,6 +170,11 @@ public function set($setting, $value, $write = false, $isLoggedIn = false)
*/
public function exists($setting)
{
// During the ConfigIO transition, map legacy settings to the new ones.
if ($this->configIO instanceof ConfigPhp && isset(ConfigPhp::$LEGACY_KEYS_MAPPING[$setting])) {
$setting = ConfigPhp::$LEGACY_KEYS_MAPPING[$setting];
}
$settings = explode('.', $setting);
$value = self::getConfig($settings, $this->loadedConfig);
if ($value === self::$NOT_FOUND) {
@ -183,8 +198,15 @@ public function write($isLoggedIn)
{
// These fields are required in configuration.
$mandatoryFields = array(
'login', 'hash', 'salt', 'timezone', 'title', 'titleLink',
'redirector', 'disablesessionprotection', 'privateLinkByDefault'
'credentials.login',
'credentials.hash',
'credentials.salt',
'security.session_protection_disabled',
'general.timezone',
'general.title',
'general.header_link',
'general.default_private_links',
'extras.redirector',
);
// Only logged in user can alter config.
@ -265,75 +287,78 @@ protected static function setConfig($settings, $value, &$conf)
protected function setDefaultValues()
{
// Data subdirectory
$this->setEmpty('config.DATADIR', 'data');
$this->setEmpty('path.data_dir', 'data');
// Main configuration file
$this->setEmpty('config.CONFIG_FILE', 'data/config.php');
$this->setEmpty('path.config', 'data/config.php');
// Link datastore
$this->setEmpty('config.DATASTORE', 'data/datastore.php');
$this->setEmpty('path.datastore', 'data/datastore.php');
// Banned IPs
$this->setEmpty('config.IPBANS_FILENAME', 'data/ipbans.php');
$this->setEmpty('path.ban_file', 'data/ipbans.php');
// Processed updates file.
$this->setEmpty('config.UPDATES_FILE', 'data/updates.txt');
$this->setEmpty('path.updates', 'data/updates.txt');
// Access log
$this->setEmpty('config.LOG_FILE', 'data/log.txt');
$this->setEmpty('path.log', 'data/log.txt');
// For updates check of Shaarli
$this->setEmpty('config.UPDATECHECK_FILENAME', 'data/lastupdatecheck.txt');
$this->setEmpty('path.update_check', 'data/lastupdatecheck.txt');
// Set ENABLE_UPDATECHECK to disabled by default.
$this->setEmpty('config.ENABLE_UPDATECHECK', false);
$this->setEmpty('general.check_updates', false);
// RainTPL cache directory (keep the trailing slash!)
$this->setEmpty('config.RAINTPL_TMP', 'tmp/');
$this->setEmpty('path.raintpl_tmp', 'tmp/');
// Raintpl template directory (keep the trailing slash!)
$this->setEmpty('config.RAINTPL_TPL', 'tpl/');
$this->setEmpty('path.raintpl_tpl', 'tpl/');
// Thumbnail cache directory
$this->setEmpty('config.CACHEDIR', 'cache');
$this->setEmpty('path.thumbnails_cache', 'cache');
// Atom & RSS feed cache directory
$this->setEmpty('config.PAGECACHE', 'pagecache');
$this->setEmpty('path.page_cache', 'pagecache');
// Ban IP after this many failures
$this->setEmpty('config.BAN_AFTER', 4);
$this->setEmpty('security.ban_after', 4);
// Ban duration for IP address after login failures (in seconds)
$this->setEmpty('config.BAN_DURATION', 1800);
$this->setEmpty('security.ban_after', 1800);
// Feed options
// Enable RSS permalinks by default.
// This corresponds to the default behavior of shaarli before this was added as an option.
$this->setEmpty('config.ENABLE_RSS_PERMALINKS', true);
$this->setEmpty('general.rss_permalinks', true);
// If true, an extra "ATOM feed" button will be displayed in the toolbar
$this->setEmpty('config.SHOW_ATOM', false);
$this->setEmpty('extras.show_atom', false);
// Link display options
$this->setEmpty('config.HIDE_PUBLIC_LINKS', false);
$this->setEmpty('config.HIDE_TIMESTAMPS', false);
$this->setEmpty('config.LINKS_PER_PAGE', 20);
$this->setEmpty('extras.hide_public_links', false);
$this->setEmpty('extras.hide_timestamps', false);
$this->setEmpty('general.links_per_page', 20);
// Private checkbox is checked by default
$this->setEmpty('general.default_private_links', false);
// Open Shaarli (true): anyone can add/edit/delete links without having to login
$this->setEmpty('config.OPEN_SHAARLI', false);
$this->setEmpty('extras.open_shaarli', false);
// Thumbnails
// Display thumbnails in links
$this->setEmpty('config.ENABLE_THUMBNAILS', true);
$this->setEmpty('general.enable_thumbnails', true);
// Store thumbnails in a local cache
$this->setEmpty('config.ENABLE_LOCALCACHE', true);
$this->setEmpty('general.enable_localcache', true);
// Update check frequency for Shaarli. 86400 seconds=24 hours
$this->setEmpty('config.UPDATECHECK_BRANCH', 'stable');
$this->setEmpty('config.UPDATECHECK_INTERVAL', 86400);
$this->setEmpty('general.check_updates_branch', 'stable');
$this->setEmpty('general.check_updates_interval', 86400);
$this->setEmpty('redirector', '');
$this->setEmpty('config.REDIRECTOR_URLENCODE', true);
$this->setEmpty('extras.redirector', '');
$this->setEmpty('extras.redirector_encode_url', true);
// Enabled plugins.
$this->setEmpty('config.ENABLED_PLUGINS', array('qrcode'));
$this->setEmpty('general.enabled_plugins', array('qrcode'));
// Initialize plugin parameters array.
$this->setEmpty('plugins', array());

45
application/config/ConfigPhp.php
View file

@ -23,6 +23,51 @@ class ConfigPhp implements ConfigIO
'privateLinkByDefault',
);
/**
* Map legacy config keys with the new ones.
* If ConfigPhp is used, getting <newkey> will actually look for <legacykey>.
* The Updater will use this array to transform keys when switching to JSON.
*
* @var array current key => legacy key.
*/
public static $LEGACY_KEYS_MAPPING = array(
'credentials.login' => 'login',
'credentials.hash' => 'hash',
'credentials.salt' => 'salt',
'path.data_dir' => 'config.DATADIR',
'path.config' => 'config.CONFIG_FILE',
'path.datastore' => 'config.DATASTORE',
'path.updates' => 'config.UPDATES_FILE',
'path.log' => 'config.LOG_FILE',
'path.update_check' => 'config.UPDATECHECK_FILENAME',
'path.raintpl_tpl' => 'config.RAINTPL_TPL',
'path.raintpl_tmp' => 'config.RAINTPL_TMP',
'path.thumbnails_cache' => 'config.CACHEDIR',
'path.page_cache' => 'config.PAGECACHE',
'path.ban_file' => 'config.IPBANS_FILENAME',
'security.session_protection_disabled' => 'disablesessionprotection',
'security.ban_after' => 'config.BAN_AFTER',
'security.ban_duration' => 'config.BAN_DURATION',
'general.title' => 'title',
'general.timezone' => 'timezone',
'general.header_link' => 'titleLink',
'general.check_updates' => 'config.ENABLE_UPDATECHECK',
'general.check_updates_branch' => 'config.UPDATECHECK_BRANCH',
'general.check_updates_interval' => 'config.UPDATECHECK_INTERVAL',
'general.default_private_links' => 'privateLinkByDefault',
'general.rss_permalinks' => 'config.ENABLE_RSS_PERMALINKS',
'general.links_per_page' => 'config.LINKS_PER_PAGE',
'general.enable_thumbnails' => 'config.ENABLE_THUMBNAILS',
'general.enable_localcache' => 'config.ENABLE_LOCALCACHE',
'general.enabled_plugins' => 'config.ENABLED_PLUGINS',
'extras.redirector' => 'redirector',
'extras.redirector_encode_url' => 'config.REDIRECTOR_URLENCODE',
'extras.show_atom' => 'config.SHOW_ATOM',
'extras.hide_public_links' => 'config.HIDE_PUBLIC_LINKS',
'extras.hide_timestamps' => 'config.HIDE_TIMESTAMPS',
'extras.open_shaarli' => 'config.OPEN_SHAARLI',
);
/**
* @inheritdoc
*/

202
index.php
View file

@ -107,13 +107,13 @@
$conf = ConfigManager::getInstance();
RainTPL::$tpl_dir = $conf->get('config.RAINTPL_TPL'); // template directory
RainTPL::$cache_dir = $conf->get('config.RAINTPL_TMP'); // cache directory
RainTPL::$tpl_dir = $conf->get('path.raintpl_tpl'); // template directory
RainTPL::$cache_dir = $conf->get('path.raintpl_tmp'); // cache directory
$pluginManager = PluginManager::getInstance();
$pluginManager->load($conf->get('config.ENABLED_PLUGINS'));
$pluginManager->load($conf->get('general.enabled_plugins'));
date_default_timezone_set($conf->get('timezone', 'UTC'));
date_default_timezone_set($conf->get('general.timezone', 'UTC'));
ob_start(); // Output buffering for the page cache.
@ -133,20 +133,20 @@ function stripslashes_deep($value) { $value = is_array($value) ? array_map('stri
header("Pragma: no-cache");
// Handling of old config file which do not have the new parameters.
if (! $conf->exists('title')) {
$conf->set('title', 'Shared links on '. escape(index_url($_SERVER)));
if (! $conf->exists('general.title')) {
$conf->set('general.title', 'Shared links on '. escape(index_url($_SERVER)));
}
if (! $conf->exists('timezone')) {
$conf->set('timezone', date_default_timezone_get());
if (! $conf->exists('general.timezone')) {
$conf->set('general.timezone', date_default_timezone_get());
}
if (! $conf->exists('disablesessionprotection')) {
$conf->set('disablesessionprotection', false);
if (! $conf->exists('security.session_protection_disabled')) {
$conf->set('security.session_protection_disabled', false);
}
if (! $conf->exists('privateLinkByDefault')) {
$conf->set('privateLinkByDefault', false);
if (! $conf->exists('general.default_private_links')) {
$conf->set('general.default_private_links', false);
}
if (! $conf->exists('titleLink')) {
$conf->set('titleLink', '?');
if (! $conf->exists('general.header_link')) {
$conf->set('general.header_link', '?');
}
if (! is_file($conf->getConfigFile())) {
@ -171,12 +171,12 @@ function stripslashes_deep($value) { $value = is_array($value) ? array_map('stri
}
// FIXME! Update these value with Updater and escpae it during the install/config save.
$conf->set('title', escape($conf->get('title')));
$conf->set('titleLink', escape($conf->get('titleLink')));
$conf->set('redirector', escape($conf->get('redirector')));
$conf->set('general.title', escape($conf->get('general.title')));
$conf->set('general.header_link', escape($conf->get('general.header_link')));
$conf->set('extras.redirector', escape($conf->get('extras.redirector')));
// a token depending of deployment salt, user password, and the current ip
define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('salt')));
define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
// Sniff browser language and set date format accordingly.
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
@ -191,12 +191,12 @@ function stripslashes_deep($value) { $value = is_array($value) ? array_map('stri
function setup_login_state() {
$conf = ConfigManager::getInstance();
if ($conf->get('config.OPEN_SHAARLI')) {
if ($conf->get('extras.open_shaarli')) {
return true;
}
$userIsLoggedIn = false; // By default, we do not consider the user as logged in;
$loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
if (! $conf->exists('login')) {
if (! $conf->exists('credentials.login')) {
$userIsLoggedIn = false; // Shaarli is not configured yet.
$loginFailure = true;
}
@ -209,7 +209,7 @@ function setup_login_state() {
}
// If session does not exist on server side, or IP address has changed, or session has expired, logout.
if (empty($_SESSION['uid'])
|| ($conf->get('disablesessionprotection') == false && $_SESSION['ip'] != allIPs())
|| ($conf->get('security.session_protection_disabled') == false && $_SESSION['ip'] != allIPs())
|| time() >= $_SESSION['expires_on'])
{
logout();
@ -266,7 +266,7 @@ function fillSessionInfo() {
$conf = ConfigManager::getInstance();
$_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // Generate unique random number (different than phpsessionid)
$_SESSION['ip']=allIPs(); // We store IP address(es) of the client to make sure session is not hijacked.
$_SESSION['username']= $conf->get('login');
$_SESSION['username']= $conf->get('credentials.login');
$_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
}
@ -274,14 +274,14 @@ function fillSessionInfo() {
function check_auth($login,$password)
{
$conf = ConfigManager::getInstance();
$hash = sha1($password . $login . $conf->get('salt'));
if ($login == $conf->get('login') && $hash == $conf->get('hash'))
$hash = sha1($password . $login . $conf->get('credentials.salt'));
if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash'))
{ // Login/password is correct.
fillSessionInfo();
logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'Login successful');
logm($conf->get('path.log'), $_SERVER['REMOTE_ADDR'], 'Login successful');
return True;
}
logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login);
logm($conf->get('path.log'), $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login);
return False;
}
@ -307,14 +307,14 @@ function logout() {
// ------------------------------------------------------------------------------------------
// Brute force protection system
// Several consecutive failed logins will ban the IP address for 30 minutes.
if (!is_file($conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'))) {
if (!is_file($conf->get('path.ban_file', 'data/ipbans.php'))) {
// FIXME! globals
file_put_contents(
$conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'),
$conf->get('path.ban_file', 'data/ipbans.php'),
"<?php\n\$GLOBALS['IPBANS']=".var_export(array('FAILURES'=>array(),'BANS'=>array()),true).";\n?>"
);
}
include $conf->get('config.IPBANS_FILENAME', 'data/ipbans.php');
include $conf->get('path.ban_file', 'data/ipbans.php');
// Signal a failed login. Will ban the IP if too many failures:
function ban_loginFailed()
{
@ -323,14 +323,14 @@ function ban_loginFailed()
$gb = $GLOBALS['IPBANS'];
if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0;
$gb['FAILURES'][$ip]++;
if ($gb['FAILURES'][$ip] > ($conf->get('config.BAN_AFTER') - 1))
if ($gb['FAILURES'][$ip] > ($conf->get('security.ban_after') - 1))
{
$gb['BANS'][$ip] = time() + $conf->get('config.BAN_DURATION', 1800);
logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'IP address banned from login');
$gb['BANS'][$ip] = time() + $conf->get('security.ban_after', 1800);
logm($conf->get('path.log'), $_SERVER['REMOTE_ADDR'], 'IP address banned from login');
}
$GLOBALS['IPBANS'] = $gb;
file_put_contents(
$conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'),
$conf->get('path.ban_file', 'data/ipbans.php'),
"<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>"
);
}
@ -344,7 +344,7 @@ function ban_loginOk()
unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
$GLOBALS['IPBANS'] = $gb;
file_put_contents(
$conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'),
$conf->get('path.ban_file', 'data/ipbans.php'),
"<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>"
);
}
@ -359,10 +359,10 @@ function ban_canLogin()
// User is banned. Check if the ban has expired:
if ($gb['BANS'][$ip]<=time())
{ // Ban expired, user can try to login again.
logm($conf->get('config.LOG_FILE'), $_SERVER['REMOTE_ADDR'], 'Ban lifted.');
logm($conf->get('path.log'), $_SERVER['REMOTE_ADDR'], 'Ban lifted.');
unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
file_put_contents(
$conf->get('config.IPBANS_FILENAME', 'data/ipbans.php'),
$conf->get('path.ban_file', 'data/ipbans.php'),
"<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>"
);
return true; // Ban has expired, user can login.
@ -479,7 +479,7 @@ function getMaxFileSize()
function getToken()
{
$conf = ConfigManager::getInstance();
$rnd = sha1(uniqid('', true) .'_'. mt_rand() . $conf->get('salt')); // We generate a random string.
$rnd = sha1(uniqid('', true) .'_'. mt_rand() . $conf->get('credentials.salt')); // We generate a random string.
$_SESSION['tokens'][$rnd]=1; // Store it on the server side.
return $rnd;
}
@ -518,11 +518,11 @@ function showDailyRSS() {
// If cached was not found (or not usable), then read the database and build the response:
// Read links from database (and filter private links if used it not logged in).
$LINKSDB = new LinkDB(
$conf->get('config.DATASTORE'),
$conf->get('path.datastore'),
isLoggedIn(),
$conf->get('config.HIDE_PUBLIC_LINKS'),
$conf->get('redirector'),
$conf->get('config.REDIRECTOR_URLENCODE')
$conf->get('extras.hide_public_links'),
$conf->get('extras.redirector'),
$conf->get('extras.redirector_encode_url')
);
/* Some Shaarlies may have very few links, so we need to look
@ -556,7 +556,7 @@ function showDailyRSS() {
$pageaddr = escape(index_url($_SERVER));
echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">';
echo '<channel>';
echo '<title>Daily - '. $conf->get('title') . '</title>';
echo '<title>Daily - '. $conf->get('general.title') . '</title>';
echo '<link>'. $pageaddr .'</link>';
echo '<description>Daily shared links</description>';
echo '<language>en-en</language>';
@ -575,7 +575,7 @@ function showDailyRSS() {
// We pre-format some fields for proper output.
foreach ($linkdates as $linkdate) {
$l = $LINKSDB[$linkdate];
$l['formatedDescription'] = format_description($l['description'], $conf->get('redirector'));
$l['formatedDescription'] = format_description($l['description'], $conf->get('extras.redirector'));
$l['thumbnail'] = thumbnail($l['url']);
$l_date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $l['linkdate']);
$l['timestamp'] = $l_date->getTimestamp();
@ -587,11 +587,12 @@ function showDailyRSS() {
// Then build the HTML for this day:
$tpl = new RainTPL;
$tpl->assign('title', $conf->get('title'));
$tpl->assign('title', $conf->get('general.title'));
$tpl->assign('daydate', $dayDate->getTimestamp());
$tpl->assign('absurl', $absurl);
$tpl->assign('links', $links);
$tpl->assign('rssdate', escape($dayDate->format(DateTime::RSS)));
$tpl->assign('hide_timestamps', $conf->get('extras.hide_timestamps', false));
$html = $tpl->draw('dailyrss', $return_string=true);
echo $html . PHP_EOL;
@ -640,7 +641,7 @@ function showDaily($pageBuilder, $LINKSDB)
$taglist = explode(' ',$link['tags']);
uasort($taglist, 'strcasecmp');
$linksToDisplay[$key]['taglist']=$taglist;
$linksToDisplay[$key]['formatedDescription'] = format_description($link['description'], $conf->get('redirector'));
$linksToDisplay[$key]['formatedDescription'] = format_description($link['description'], $conf->get('extras.redirector'));
$linksToDisplay[$key]['thumbnail'] = thumbnail($link['url']);
$date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']);
$linksToDisplay[$key]['timestamp'] = $date->getTimestamp();
@ -700,15 +701,15 @@ function renderPage()
{
$conf = ConfigManager::getInstance();
$LINKSDB = new LinkDB(
$conf->get('config.DATASTORE'),
$conf->get('path.datastore'),
isLoggedIn(),
$conf->get('config.HIDE_PUBLIC_LINKS'),
$conf->get('redirector'),
$conf->get('config.REDIRECTOR_URLENCODE')
$conf->get('extras.hide_public_links'),
$conf->get('extras.redirector'),
$conf->get('extras.redirector_encode_url')
);
$updater = new Updater(
read_updates_file($conf->get('config.UPDATES_FILE')),
read_updates_file($conf->get('path.updates')),
$LINKSDB,
isLoggedIn()
);
@ -716,7 +717,7 @@ function renderPage()
$newUpdates = $updater->update();
if (! empty($newUpdates)) {
write_updates_file(
$conf->get('config.UPDATES_FILE'),
$conf->get('path.updates'),
$updater->getDoneUpdates()
);
}
@ -755,7 +756,7 @@ function renderPage()
// -------- Display login form.
if ($targetPage == Router::$PAGE_LOGIN)
{
if ($conf->get('config.OPEN_SHAARLI')) { header('Location: ?'); exit; } // No need to login for open Shaarli
if ($conf->get('extras.open_shaarli')) { header('Location: ?'); exit; } // No need to login for open Shaarli
$token=''; if (ban_canLogin()) $token=getToken(); // Do not waste token generation if not useful.
$PAGE->assign('token',$token);
if (isset($_GET['username'])) {
@ -768,7 +769,7 @@ function renderPage()
// -------- User wants to logout.
if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=logout'))
{
invalidateCaches($conf->get('config.PAGECACHE'));
invalidateCaches($conf->get('path.page_cache'));
logout();
header('Location: ?');
exit;
@ -868,7 +869,7 @@ function renderPage()
// Cache system
$query = $_SERVER['QUERY_STRING'];
$cache = new CachedPage(
$conf->get('config.PAGECACHE'),
$conf->get('path.page_cache'),
page_url($_SERVER),
startsWith($query,'do='. $targetPage) && !isLoggedIn()
);
@ -881,8 +882,8 @@ function renderPage()
// Generate data.
$feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, isLoggedIn());
$feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
$feedGenerator->setHideDates($conf->get('config.HIDE_TIMESTAMPS') && !isLoggedIn());
$feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('config.ENABLE_RSS_PERMALINKS'));
$feedGenerator->setHideDates($conf->get('extras.hide_timestamps') && !isLoggedIn());
$feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('general.rss_permalinks'));
$pshUrl = $conf->get('config.PUBSUBHUB_URL');
if (!empty($pshUrl)) {
$feedGenerator->setPubsubhubUrl($pshUrl);
@ -1046,7 +1047,7 @@ function renderPage()
// -------- User wants to change his/her password.
if ($targetPage == Router::$PAGE_CHANGEPASSWORD)
{
if ($conf->get('config.OPEN_SHAARLI')) {
if ($conf->get('extras.open_shaarli')) {
die('You are not supposed to change a password on an Open Shaarli.');
}
@ -1055,12 +1056,12 @@ function renderPage()
if (!tokenOk($_POST['token'])) die('Wrong token.'); // Go away!
// Make sure old password is correct.
$oldhash = sha1($_POST['oldpassword'].$conf->get('login').$conf->get('salt'));
if ($oldhash!= $conf->get('hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; }
$oldhash = sha1($_POST['oldpassword'].$conf->get('credentials.login').$conf->get('credentials.salt'));
if ($oldhash!= $conf->get('credentials.hash')) { echo '<script>alert("The old password is not correct.");document.location=\'?do=changepasswd\';</script>'; exit; }
// Save new password
// Salt renders rainbow-tables attacks useless.
$conf->set('salt', sha1(uniqid('', true) .'_'. mt_rand()));
$conf->set('hash', sha1($_POST['setpassword'] . $conf->get('login') . $conf->get('salt')));
$conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
$conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt')));
try {
$conf->write(isLoggedIn());
}
@ -1099,15 +1100,15 @@ function renderPage()
) {
$tz = $_POST['continent'] . '/' . $_POST['city'];
}
$conf->set('timezone', $tz);
$conf->set('title', $_POST['title']);
$conf->set('titleLink', $_POST['titleLink']);
$conf->set('redirector', $_POST['redirector']);
$conf->set('disablesessionprotection', !empty($_POST['disablesessionprotection']));
$conf->set('privateLinkByDefault', !empty($_POST['privateLinkByDefault']));
$conf->set('config.ENABLE_RSS_PERMALINKS', !empty($_POST['enableRssPermalinks']));
$conf->set('config.ENABLE_UPDATECHECK', !empty($_POST['updateCheck']));
$conf->set('config.HIDE_PUBLIC_LINKS', !empty($_POST['hidePublicLinks']));
$conf->set('general.timezone', $tz);
$conf->set('general.title', $_POST['title']);
$conf->set('general.header_link', $_POST['titleLink']);
$conf->set('extras.redirector', $_POST['redirector']);
$conf->set('security.session_protection_disabled', !empty($_POST['disablesessionprotection']));
$conf->set('general.default_private_links', !empty($_POST['privateLinkByDefault']));
$conf->set('general.rss_permalinks', !empty($_POST['enableRssPermalinks']));
$conf->set('general.check_updates', !empty($_POST['updateCheck']));
$conf->set('extras.hide_public_links', !empty($_POST['hidePublicLinks']));
try {
$conf->write(isLoggedIn());
}
@ -1127,15 +1128,15 @@ function renderPage()
else // Show the configuration form.
{
$PAGE->assign('token',getToken());
$PAGE->assign('title', $conf->get('title'));
$PAGE->assign('redirector', $conf->get('redirector'));
list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('timezone'));
$PAGE->assign('title', $conf->get('general.title'));
$PAGE->assign('redirector', $conf->get('extras.redirector'));
list($timezone_form, $timezone_js) = generateTimeZoneForm($conf->get('general.timezone'));
$PAGE->assign('timezone_form', $timezone_form);
$PAGE->assign('timezone_js',$timezone_js);
$PAGE->assign('private_links_default', $conf->get('privateLinkByDefault'));
$PAGE->assign('enable_rss_permalinks', $conf->get('config.ENABLE_RSS_PERMALINKS'));
$PAGE->assign('enable_update_check', $conf->get('config.ENABLE_UPDATECHECK'));
$PAGE->assign('hide_public_links', $conf->get('config.HIDE_PUBLIC_LINKS'));
$PAGE->assign('private_links_default', $conf->get('general.default_private_links', false));
$PAGE->assign('enable_rss_permalinks', $conf->get('general.rss_permalinks', false));
$PAGE->assign('enable_update_check', $conf->get('general.check_updates', true));
$PAGE->assign('hide_public_links', $conf->get('extras.hide_public_links', false));
$PAGE->renderPage('configure');
exit;
}
@ -1167,7 +1168,7 @@ function renderPage()
$value['tags']=trim(implode(' ',$tags));
$LINKSDB[$key]=$value;
}
$LINKSDB->savedb($conf->get('config.PAGECACHE'));
$LINKSDB->savedb($conf->get('path.page_cache'));
echo '<script>alert("Tag was removed from '.count($linksToAlter).' links.");document.location=\'?\';</script>';
exit;
}
@ -1184,7 +1185,7 @@ function renderPage()
$value['tags']=trim(implode(' ',$tags));
$LINKSDB[$key]=$value;
}
$LINKSDB->savedb($conf->get('config.PAGECACHE')); // Save to disk.
$LINKSDB->savedb($conf->get('path.page_cache')); // Save to disk.
echo '<script>alert("Tag was renamed in '.count($linksToAlter).' links.");document.location=\'?searchtags='.urlencode($_POST['totag']).'\';</script>';
exit;
}
@ -1235,7 +1236,7 @@ function renderPage()
$pluginManager->executeHooks('save_link', $link);
$LINKSDB[$linkdate] = $link;
$LINKSDB->savedb($conf->get('config.PAGECACHE'));
$LINKSDB->savedb($conf->get('path.page_cache'));
pubsubhub();
// If we are called from the bookmarklet, we must close the popup:
@ -1277,7 +1278,7 @@ function renderPage()
$pluginManager->executeHooks('delete_link', $LINKSDB[$linkdate]);
unset($LINKSDB[$linkdate]);
$LINKSDB->savedb('config.PAGECACHE'); // save to disk
$LINKSDB->savedb('path.page_cache'); // save to disk
// If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
@ -1391,6 +1392,7 @@ function renderPage()
'http_referer' => (isset($_SERVER['HTTP_REFERER']) ? escape($_SERVER['HTTP_REFERER']) : ''),
'source' => (isset($_GET['source']) ? $_GET['source'] : ''),
'tags' => $LINKSDB->allTags(),
'default_private_links' => $conf->get('default_private_links', false),
);
$pluginManager->executeHooks('render_editlink', $data);
@ -1500,7 +1502,7 @@ function($a, $b) { return $a['order'] - $b['order']; }
}
}
else {
$conf->set('config.ENABLED_PLUGINS', save_plugin_config($_POST));
$conf->set('general.enabled_plugins', save_plugin_config($_POST));
}
$conf->write(isLoggedIn());
}
@ -1599,7 +1601,7 @@ function importFile($LINKSDB)
}
}
}
$LINKSDB->savedb($conf->get('config.PAGECACHE'));
$LINKSDB->savedb($conf->get('path.page_cache'));
echo '<script>alert("File '.json_encode($filename).' ('.$filesize.' bytes) was successfully processed: '.$import_count.' links imported.");document.location=\'?\';</script>';
}
@ -1646,7 +1648,7 @@ function buildLinkList($PAGE,$LINKSDB)
// If there is only a single link, we change on-the-fly the title of the page.
if (count($linksToDisplay) == 1) {
$conf->set('pagetitle', $linksToDisplay[$keys[0]]['title'] .' - '. $conf->get('title'));
$conf->set('pagetitle', $linksToDisplay[$keys[0]]['title'] .' - '. $conf->get('general.title'));
}
// Select articles according to paging.
@ -1662,7 +1664,7 @@ function buildLinkList($PAGE,$LINKSDB)
while ($i<$end && $i<count($keys))
{
$link = $linksToDisplay[$keys[$i]];
$link['description'] = format_description($link['description'], $conf->get('redirector'));
$link['description'] = format_description($link['description'], $conf->get('extras.redirector'));
$classLi = ($i % 2) != 0 ? '' : 'publicLinkHightLight';
$link['class'] = $link['private'] == 0 ? $classLi : 'private';
$date = DateTime::createFromFormat(LinkDB::LINK_DATE_FORMAT, $link['linkdate']);
@ -1704,7 +1706,7 @@ function buildLinkList($PAGE,$LINKSDB)
'result_count' => count($linksToDisplay),
'search_term' => $searchterm,
'search_tags' => $searchtags,
'redirector' => $conf->get('redirector'), // Optional redirector URL.
'redirector' => $conf->get('extras.redirector'), // Optional redirector URL.
'token' => $token,
'links' => $linkDisp,
'tags' => $LINKSDB->allTags(),
@ -1736,7 +1738,7 @@ function buildLinkList($PAGE,$LINKSDB)
function computeThumbnail($url,$href=false)
{
$conf = ConfigManager::getInstance();
if (!$conf->get('config.ENABLE_THUMBNAILS')) return array();
if (!$conf->get('general.enable_thumbnails')) return array();
if ($href==false) $href=$url;
// For most hosts, the URL of the thumbnail can be easily deduced from the URL of the link.
@ -1804,7 +1806,7 @@ function computeThumbnail($url,$href=false)
// So we deport the thumbnail generation in order not to slow down page generation
// (and we also cache the thumbnail)
if (! $conf->get('config.ENABLE_LOCALCACHE')) return array(); // If local cache is disabled, no thumbnails for services which require the use a local cache.
if (! $conf->get('general.enable_localcache')) return array(); // If local cache is disabled, no thumbnails for services which require the use a local cache.
if ($domain=='flickr.com' || endsWith($domain,'.flickr.com')
|| $domain=='vimeo.com'
@ -1827,7 +1829,7 @@ function computeThumbnail($url,$href=false)
$path = parse_url($url,PHP_URL_PATH);
if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL.
}
$sign = hash_hmac('sha256', $url, $conf->get('salt')); // We use the salt to sign data (it's random, secret, and specific to each installation)
$sign = hash_hmac('sha256', $url, $conf->get('credentials.salt')); // We use the salt to sign data (it's random, secret, and specific to each installation)
return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url),
'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
}
@ -1838,7 +1840,7 @@ function computeThumbnail($url,$href=false)
$ext=strtolower(pathinfo($url,PATHINFO_EXTENSION));
if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif')
{
$sign = hash_hmac('sha256', $url, $conf->get('salt')); // We use the salt to sign data (it's random, secret, and specific to each installation)
$sign = hash_hmac('sha256', $url, $conf->get('credentials.salt')); // We use the salt to sign data (it's random, secret, and specific to each installation)
return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url),
'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
}
@ -1942,18 +1944,18 @@ function install()
) {
$tz = $_POST['continent'].'/'.$_POST['city'];
}
$conf->set('timezone', $tz);
$conf->set('general.timezone', $tz);
$login = $_POST['setlogin'];
$conf->set('login', $login);
$conf->set('credentials.login', $login);
$salt = sha1(uniqid('', true) .'_'. mt_rand());
$conf->set('salt', $salt);
$conf->set('hash', sha1($_POST['setpassword'] . $login . $salt));
$conf->set('credentials.salt', $salt);
$conf->set('credentials.hash', sha1($_POST['setpassword'] . $login . $salt));
if (!empty($_POST['title'])) {
$conf->set('title', $_POST['title']);
$conf->set('general.title', $_POST['title']);
} else {
$conf->set('title', 'Shared links on '.escape(index_url($_SERVER)));
$conf->set('general.title', 'Shared links on '.escape(index_url($_SERVER)));
}
$conf->set('config.ENABLE_UPDATECHECK', !empty($_POST['updateCheck']));
$conf->set('general.check_updates', !empty($_POST['updateCheck']));
try {
// Everything is ok, let's create config file.
$conf->write(isLoggedIn());
@ -1999,10 +2001,10 @@ function genThumbnail()
{
$conf = ConfigManager::getInstance();
// Make sure the parameters in the URL were generated by us.
$sign = hash_hmac('sha256', $_GET['url'], $conf->get('salt'));
$sign = hash_hmac('sha256', $_GET['url'], $conf->get('credentials.salt'));
if ($sign!=$_GET['hmac']) die('Naughty boy!');
$cacheDir = $conf->get('config.CACHEDIR', 'cache');
$cacheDir = $conf->get('path.thumbnails_cache', 'cache');
// Let's see if we don't already have the image for this URL in the cache.
$thumbname=hash('sha1',$_GET['url']).'.jpg';
if (is_file($cacheDir .'/'. $thumbname))
@ -2212,7 +2214,7 @@ function resizeImage($filepath)
if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=genthumbnail')) { genThumbnail(); exit; } // Thumbnail generation/cache does not need the link database.
if (isset($_SERVER['QUERY_STRING']) && startsWith($_SERVER['QUERY_STRING'], 'do=dailyrss')) { showDailyRSS(); exit; }
if (!isset($_SESSION['LINKS_PER_PAGE'])) {
$_SESSION['LINKS_PER_PAGE'] = $conf->get('config.LINKS_PER_PAGE', 20);
$_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20);
}
renderPage();
?>

40
tests/ApplicationUtilsTest.php
View file

@ -277,16 +277,16 @@ public function testCheckSupportedPHPVersion52()
public function testCheckCurrentResourcePermissions()
{
$conf = ConfigManager::getInstance();
$conf->set('config.CACHEDIR', 'cache');
$conf->set('config.CONFIG_FILE', 'data/config.php');
$conf->set('config.DATADIR', 'data');
$conf->set('config.DATASTORE', 'data/datastore.php');
$conf->set('config.IPBANS_FILENAME', 'data/ipbans.php');
$conf->set('config.LOG_FILE', 'data/log.txt');
$conf->set('config.PAGECACHE', 'pagecache');
$conf->set('config.RAINTPL_TMP', 'tmp');
$conf->set('config.RAINTPL_TPL', 'tpl');
$conf->set('config.UPDATECHECK_FILENAME', 'data/lastupdatecheck.txt');
$conf->set('path.thumbnails_cache', 'cache');
$conf->set('path.config', 'data/config.php');
$conf->set('path.data_dir', 'data');
$conf->set('path.datastore', 'data/datastore.php');
$conf->set('path.ban_file', 'data/ipbans.php');
$conf->set('path.log', 'data/log.txt');
$conf->set('path.page_cache', 'pagecache');
$conf->set('path.raintpl_tmp', 'tmp');
$conf->set('path.raintpl_tpl', 'tpl');
$conf->set('path.update_check', 'data/lastupdatecheck.txt');
$this->assertEquals(
array(),
@ -300,16 +300,16 @@ public function testCheckCurrentResourcePermissions()
public function testCheckCurrentResourcePermissionsErrors()
{
$conf = ConfigManager::getInstance();
$conf->set('config.CACHEDIR', 'null/cache');
$conf->set('config.CONFIG_FILE', 'null/data/config.php');
$conf->set('config.DATADIR', 'null/data');
$conf->set('config.DATASTORE', 'null/data/store.php');
$conf->set('config.IPBANS_FILENAME', 'null/data/ipbans.php');
$conf->set('config.LOG_FILE', 'null/data/log.txt');
$conf->set('config.PAGECACHE', 'null/pagecache');
$conf->set('config.RAINTPL_TMP', 'null/tmp');
$conf->set('config.RAINTPL_TPL', 'null/tpl');
$conf->set('config.UPDATECHECK_FILENAME', 'null/data/lastupdatecheck.txt');
$conf->set('path.thumbnails_cache', 'null/cache');
$conf->set('path.config', 'null/data/config.php');
$conf->set('path.data_dir', 'null/data');
$conf->set('path.datastore', 'null/data/store.php');
$conf->set('path.ban_file', 'null/data/ipbans.php');
$conf->set('path.log', 'null/data/log.txt');
$conf->set('path.page_cache', 'null/pagecache');
$conf->set('path.raintpl_tmp', 'null/tmp');
$conf->set('path.raintpl_tpl', 'null/tpl');
$conf->set('path.update_check', 'null/data/lastupdatecheck.txt');
$this->assertEquals(
array(
'"null/tpl" directory is not readable',

95
tests/Updater/UpdaterTest.php
View file

@ -9,11 +9,6 @@
*/
class UpdaterTest extends PHPUnit_Framework_TestCase
{
/**
* @var array Configuration input set.
*/
private static $configFields;
/**
* @var string Path to test datastore.
*/
@ -22,7 +17,7 @@ class UpdaterTest extends PHPUnit_Framework_TestCase
/**
* @var string Config file path (without extension).
*/
protected static $configFile = 'tests/utils/config/configUpdater';
protected static $configFile = 'tests/utils/config/configJson';
/**
* @var ConfigManager
@ -34,51 +29,8 @@ class UpdaterTest extends PHPUnit_Framework_TestCase
*/
public function setUp()
{
self::$configFields = array(
'login' => 'login',
'hash' => 'hash',
'salt' => 'salt',
'timezone' => 'Europe/Paris',
'title' => 'title',
'titleLink' => 'titleLink',
'redirector' => '',
'disablesessionprotection' => false,
'privateLinkByDefault' => false,
'config' => array(
'DATADIR' => 'tests/Updater',
'PAGECACHE' => 'sandbox/pagecache',
'config1' => 'config1data',
'config2' => 'config2data',
)
);
ConfigManager::$CONFIG_FILE = self::$configFile;
$this->conf = ConfigManager::reset();
$this->conf->reload();
foreach (self::$configFields as $key => $value) {
$this->conf->set($key, $value);
}
$this->conf->write(true);
}
/**
* Executed after each test.
*
* @return void
*/
public function tearDown()
{
if (is_file('tests/Updater/config.json')) {
unlink('tests/Updater/config.json');
}
if (is_file(self::$configFields['config']['DATADIR'] . '/options.php')) {
unlink(self::$configFields['config']['DATADIR'] . '/options.php');
}
if (is_file(self::$configFields['config']['DATADIR'] . '/updates.txt')) {
unlink(self::$configFields['config']['DATADIR'] . '/updates.txt');
}
}
/**
@ -87,9 +39,10 @@ public function tearDown()
public function testReadEmptyUpdatesFile()
{
$this->assertEquals(array(), read_updates_file(''));
$updatesFile = self::$configFields['config']['DATADIR'] . '/updates.txt';
$updatesFile = $this->conf->get('path.data_dir') . '/updates.txt';
touch($updatesFile);
$this->assertEquals(array(), read_updates_file($updatesFile));
unlink($updatesFile);
}
/**
@ -97,7 +50,7 @@ public function testReadEmptyUpdatesFile()
*/
public function testReadWriteUpdatesFile()
{
$updatesFile = self::$configFields['config']['DATADIR'] . '/updates.txt';
$updatesFile = $this->conf->get('path.data_dir') . '/updates.txt';
$updatesMethods = array('m1', 'm2', 'm3');
write_updates_file($updatesFile, $updatesMethods);
@ -109,6 +62,7 @@ public function testReadWriteUpdatesFile()
write_updates_file($updatesFile, $updatesMethods);
$readMethods = read_updates_file($updatesFile);
$this->assertEquals($readMethods, $updatesMethods);
unlink($updatesFile);
}
/**
@ -130,10 +84,15 @@ public function testWriteEmptyUpdatesFile()
*/
public function testWriteUpdatesFileNotWritable()
{
$updatesFile = self::$configFields['config']['DATADIR'] . '/updates.txt';
$updatesFile = $this->conf->get('path.data_dir') . '/updates.txt';
touch($updatesFile);
chmod($updatesFile, 0444);
try {
@write_updates_file($updatesFile, array('test'));
} catch (Exception $e) {
unlink($updatesFile);
throw $e;
}
}
/**
@ -213,17 +172,15 @@ public function testUpdateFailed()
*/
public function testUpdateMergeDeprecatedConfig()
{
// Use writeConfig to create a options.php
ConfigManager::$CONFIG_FILE = 'tests/Updater/options';
$this->conf->setConfigIO(new ConfigPhp());
$invert = !$this->conf->get('privateLinkByDefault');
$this->conf->set('privateLinkByDefault', $invert);
$this->conf->write(true);
ConfigManager::$CONFIG_FILE = 'tests/utils/config/configPhp';
$this->conf = $this->conf->reset();
$optionsFile = 'tests/Updater/options.php';
$this->assertTrue(is_file($optionsFile));
$options = '<?php
$GLOBALS[\'privateLinkByDefault\'] = true;';
file_put_contents($optionsFile, $options);
// tmp config file.
ConfigManager::$CONFIG_FILE = 'tests/Updater/config';
// merge configs
@ -233,7 +190,7 @@ public function testUpdateMergeDeprecatedConfig()
// make sure updated field is changed
$this->conf->reload();
$this->assertEquals($invert, $this->conf->get('privateLinkByDefault'));
$this->assertTrue($this->conf->get('general.default_private_links'));
$this->assertFalse(is_file($optionsFile));
// Delete the generated file.
unlink($this->conf->getConfigFile());
@ -247,7 +204,7 @@ public function testMergeDeprecatedConfigNoFile()
$updater = new Updater(array(), array(), true);
$updater->updateMethodMergeDeprecatedConfigFile();
$this->assertEquals(self::$configFields['login'], $this->conf->get('login'));
$this->assertEquals('root', $this->conf->get('credentials.login'));
}
/**
@ -286,9 +243,9 @@ public function testConfigToJson()
// Check JSON config data.
$conf->reload();
$this->assertEquals('root', $conf->get('login'));
$this->assertEquals('lala', $conf->get('redirector'));
$this->assertEquals('data/datastore.php', $conf->get('config.DATASTORE'));
$this->assertEquals('root', $conf->get('credentials.login'));
$this->assertEquals('lala', $conf->get('extras.redirector'));
$this->assertEquals('data/datastore.php', $conf->get('path.datastore'));
$this->assertEquals('1', $conf->get('plugins.WALLABAG_VERSION'));
rename($configFile . '.save.php', $configFile . '.php');
@ -300,15 +257,11 @@ public function testConfigToJson()
*/
public function testConfigToJsonNothingToDo()
{
$configFile = 'tests/utils/config/configUpdateDone';
ConfigManager::$CONFIG_FILE = $configFile;
$conf = ConfigManager::reset();
$conf->reload();
$filetime = filemtime($conf->getConfigFile());
$filetime = filemtime($this->conf->getConfigFile());
$updater = new Updater(array(), array(), false);
$done = $updater->updateMethodConfigToJson();
$this->assertTrue($done);
$expected = filemtime($conf->getConfigFile());
$expected = filemtime($this->conf->getConfigFile());
$this->assertEquals($expected, $filetime);
}
}

34
tests/config/ConfigJsonTest.php
View file

@ -23,9 +23,9 @@ public function setUp()
public function testRead()
{
$conf = $this->configIO->read('tests/utils/config/configJson.json.php');
$this->assertEquals('root', $conf['login']);
$this->assertEquals('lala', $conf['redirector']);
$this->assertEquals('data/datastore.php', $conf['config']['DATASTORE']);
$this->assertEquals('root', $conf['credentials']['login']);
$this->assertEquals('lala', $conf['extras']['redirector']);
$this->assertEquals('tests/utils/config/datastore.php', $conf['path']['datastore']);
$this->assertEquals('1', $conf['plugins']['WALLABAG_VERSION']);
}
@ -55,10 +55,14 @@ public function testWriteNew()
{
$dataFile = 'tests/utils/config/configWrite.json.php';
$data = array(
'credentials' => array(
'login' => 'root',
),
'path' => array(
'datastore' => 'data/datastore.php',
),
'extras' => array(
'redirector' => 'lala',
'config' => array(
'DATASTORE' => 'data/datastore.php',
),
'plugins' => array(
'WALLABAG_VERSION' => '1',
@ -68,19 +72,23 @@ public function testWriteNew()
// PHP 5.3 doesn't support json pretty print.
if (defined('JSON_PRETTY_PRINT')) {
$expected = '{
"login": "root",
"redirector": "lala",
"config": {
"DATASTORE": "data\/datastore.php"
"credentials": {
"login": "root"
},
"path": {
"datastore": "data\/datastore.php"
},
"extras": {
"redirector": "lala"
},
"plugins": {
"WALLABAG_VERSION": "1"
}
}';
} else {
$expected = '{"login":"root","redirector":"lala","config":{"DATASTORE":"data\/datastore.php"},"plugins":{"WALLABAG_VERSION":"1"}}';
$expected = '{"credentials":{"login":"root"},"path":{"datastore":"data\/datastore.php"},"extras":{"redirector":"lala"},"plugins":{"WALLABAG_VERSION":"1"}}';
}
$expected = ConfigJson::$PHP_HEADER . $expected;
$expected = ConfigJson::getPhpHeaders() . $expected;
$this->assertEquals($expected, file_get_contents($dataFile));
unlink($dataFile);
}
@ -94,10 +102,10 @@ public function testOverwrite()
$dest = 'tests/utils/config/configOverwrite.json.php';
copy($source, $dest);
$conf = $this->configIO->read($dest);
$conf['redirector'] = 'blabla';
$conf['extras']['redirector'] = 'blabla';
$this->configIO->write($dest, $conf);
$conf = $this->configIO->read($dest);
$this->assertEquals('blabla', $conf['redirector']);
$this->assertEquals('blabla', $conf['extras']['redirector']);
unlink($dest);
}

6
tests/config/ConfigManagerTest.php
View file

@ -131,7 +131,7 @@ public function testGetNonExistent()
*/
public function testExistsOk()
{
$this->assertTrue($this->conf->exists('login'));
$this->assertTrue($this->conf->exists('credentials.login'));
$this->assertTrue($this->conf->exists('config.foo'));
}
@ -163,12 +163,12 @@ public function testReset()
public function testReload()
{
ConfigManager::$CONFIG_FILE = 'tests/utils/config/configTmp';
$newConf = ConfigJson::$PHP_HEADER . '{ "key": "value" }';
$newConf = ConfigJson::getPhpHeaders() . '{ "key": "value" }';
file_put_contents($this->conf->getConfigFile(), $newConf);
$this->conf->reload();
unlink($this->conf->getConfigFile());
// Previous conf no longer exists, and new values have been loaded.
$this->assertFalse($this->conf->exists('login'));
$this->assertFalse($this->conf->exists('credentials.login'));
$this->assertEquals('value', $this->conf->get('key'));
}
}

25
tests/utils/config/configJson.json.php
View file

@ -1,17 +1,28 @@
<?php /*
{
"redirector":"lala",
"credentials": {
"login":"root",
"hash":"hash",
"salt":"salt",
"salt":"salt"
},
"security": {
"session_protection_disabled":false
},
"general": {
"timezone":"Europe\/Paris",
"disablesessionprotection":false,
"privateLinkByDefault":true,
"default_private_linksheader_link":true,
"title": "Shaarli",
"titleLink": "?",
"header_link": "?"
},
"extras": {
"redirector":"lala"
},
"config": {
"foo": "bar",
"DATASTORE": "data\/datastore.php"
"foo": "bar"
},
"path": {
"datastore": "tests\/utils\/config\/datastore.php",
"data_dir": "tests\/utils\/config"
},
"plugins": {
"WALLABAG_VERSION": 1

4
tests/utils/config/configUpdateDone.json.php
View file

@ -1,4 +0,0 @@
<?php /*
{
"login": "root"
}

15
tests/utils/config/configUpdater.php
View file

@ -1,15 +0,0 @@
<?php
$GLOBALS['login'] = 'login';
$GLOBALS['hash'] = 'hash';
$GLOBALS['salt'] = 'salt';
$GLOBALS['timezone'] = 'Europe/Paris';
$GLOBALS['title'] = 'title';
$GLOBALS['titleLink'] = 'titleLink';
$GLOBALS['redirector'] = '';
$GLOBALS['disablesessionprotection'] = false;
$GLOBALS['privateLinkByDefault'] = false;
$GLOBALS['config']['DATADIR'] = 'tests/Updater';
$GLOBALS['config']['PAGECACHE'] = 'sandbox/pagecache';
$GLOBALS['config']['config1'] = 'config1data';
$GLOBALS['config']['config2'] = 'config2data';
$GLOBALS['plugins']['WALLABAG_VERSION'] = '2';

4
tpl/configure.html
View file

@ -36,7 +36,7 @@
<td><b>Security:</b></td>
<td>
<input type="checkbox" name="disablesessionprotection" id="disablesessionprotection"
{if="!empty($GLOBALS['disablesessionprotection'])"}checked{/if}>
{if="$private_links_default"}checked{/if}>
<label
for="disablesessionprotection">&nbsp;Disable session cookie hijacking protection (Check this if you get
disconnected often or if your IP address changes often.)</label>
@ -60,7 +60,7 @@
{if="$enable_rss_permalinks"}checked{/if}/>
<label for="enableRssPermalinks">
&nbsp;Disable it to use permalinks in RSS feed instead of direct links to your shaared links. Currently <b>
{if="$GLOBALS['config']['ENABLE_RSS_PERMALINKS']"}enabled{else}disabled{/if}.</b>
{if="$enable_rss_permalinks"}enabled{else}disabled{/if}.</b>
</label>
</td>
</tr>

2
tpl/daily.html
View file

@ -53,7 +53,7 @@
<img src="../images/squiggle2.png" width="25" height="26" title="permalink" alt="permalink">
</a>
</div>
{if="!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()"}
{if="!$hide_timestamps || isLoggedIn()"}
<div class="dailyEntryLinkdate">
<a href="?{$link.linkdate|smallHash}">{function="strftime('%c', $link.timestamp)"}</a>
</div>

2
tpl/dailyrss.html
View file

@ -6,7 +6,7 @@
<description><![CDATA[
{loop="links"}
<h3><a href="{$value.url}">{$value.title}</a></h3>
<small>{if="!$GLOBALS['config']['HIDE_TIMESTAMPS']"}{function="strftime('%c', $value.timestamp)"} - {/if}{if="$value.tags"}{$value.tags}{/if}<br>
<small>{if="!$hide_timestamps"}{function="strftime('%c', $value.timestamp)"} - {/if}{if="$value.tags"}{$value.tags}{/if}<br>
{$value.url}</small><br>
{if="$value.thumbnail"}{$value.thumbnail}{/if}<br>
{if="$value.description"}{$value.formatedDescription}{/if}

4
tpl/editlink.html
View file

@ -25,7 +25,7 @@
{$value}
{/loop}
{if="($link_is_new && $GLOBALS['privateLinkByDefault']==true) || $link.private == true"}
{if="($link_is_new && $default_private_links) || $link.private == true"}
<input type="checkbox" checked="checked" name="lf_private" id="lf_private">
&nbsp;<label for="lf_private"><i>Private</i></label><br>
{else}
@ -43,12 +43,10 @@
{if="$source !== 'firefoxsocialapi'"}
{include="page.footer"}
{/if}
{if="($GLOBALS['config']['OPEN_SHAARLI'] || isLoggedIn())"}
<script src="inc/awesomplete.min.js#"></script>
<script src="inc/awesomplete-multiple-tags.js#"></script>
<script>
awesompleteUniqueTag('#lf_tags');
</script>
{/if}
</body>
</html>