View file

@ -1,78 +0,0 @@
## Contributing to Shaarli (community repository)
### Bugs and feature requests
**Reporting bugs, feature requests: issues management**
You can look through existing bugs/requests and help reporting them [here](
Constructive input/experience reports/helping other users is welcome.
The general guideline of the fork is to keep Shaarli simple (project and code maintenance, and features-wise), while providing customization capabilities (plugin system, making more settings configurable).
Check the [milestones]( to see what issues have priority.
* The issues list should preferably contain **only tasks that can be actioned immediately**. Anyone should be able to open the issues list, pick one and start working on it immediately.
* If you have a clear idea of a **feature you expect, or have a specific bug/defect to report**, [search the issues list, both open and closed]( to check if it has been discussed, and comment on the appropriate issue. If you can't find one, please open a [new issue](
* **General discussions** fit in #44 so that we don't follow a slope where users and contributors have to track 90 "maybe" items in the bug tracker. Separate issues about clear, separate steps can be opened after discussion.
* You can also join instant discussion at, or via IRC as described [here](
### Documentation
The [official documentation]( is generated from [Markdown]( documents in the `doc/md/` directory. HTML documentation is generated using [Mkdocs]( [Read the Docs]( provides hosting for the online documentation.
To edit the documentation, please edit the appropriate `doc/md/*.md` files (and optionally `make htmlpages` to preview changes to HTML files). Then submit your changes as a Pull Request. Have a look at the MkDocs documentation and configuration file `mkdocs.yml` if you need to add/remove/rename/reorder pages.
### Translations
Currently Shaarli has no translation/internationalization/localization system available and is single-language. You can help by proposing an i18n system (issue
### Beta testing
You can help testing Shaarli releases by immediately upgrading your installation after a [new version has been releases](
All current development happens in [Pull Requests]( You can test proposed patches by cloning the Shaarli repo, adding the Pull Request branch and `git checkout` to it. You can also merge multiple Pull Requests to a testing branch.
git clone
git remote add pull-request-25 owner/cool-new-feature
git remote add pull-request-26 anotherowner/bugfix
git remote update
git checkout -b testing
git merge cool-new-feature
git merge bugfix
Or see [Checkout Github Pull Requests locally](
Please report any problem you might find.
### Contributing code
#### Adding your own changes
* Pick or open an issue
* Fork the Shaarli repository on github
* `git clone` your fork
* starting from branch ` master`, switch to a new branch (eg. `git checkout -b my-awesome-feature`)
* edit the required files (from the Github web interface or your text editor)
* add and commit your changes with a meaningful commit message (eg `Cool new feature, fixes issue #1001`)
* run unit tests against your patched version, see [Running unit tests](
* Open your fork in the Github web interface and click the "Compare and Pull Request" button, enter required info and submit your Pull Request.
All changes you will do on the `my-awesome-feature` in the future will be added to your Pull Request. Don't work directly on the master branch, don't do unrelated work on your `my-awesome-feature` branch.
#### Contributing to an existing Pull Request
#### Useful links
If you are not familiar with Git or Github, here are a few links to set you on track:
* - 10 minutes Github workflow interactive tutorial
* - A Git cheatsheet
* - Helps you understand some basic Git concepts visually
* - Git tutorials
* - Git workflows
* - The official Git book, multiple languages
* - Git tutorials
* - Guide to Git
* - medium to advanced Git docs/tips/blog/articles
* - Participating in Open Source

View file

@ -1,69 +1,16 @@
View file

@ -1,74 +0,0 @@
# Stage 1:
# - Copy Shaarli sources
# - Build documentation
FROM python:3-alpine as docs
ADD . /usr/src/app/shaarli
RUN cd /usr/src/app/shaarli \
&& apk add --no-cache gcc musl-dev make bash \
&& make htmldoc
# Stage 2:
# - Resolve PHP dependencies with Composer
FROM composer:latest as composer
COPY --from=docs /usr/src/app/shaarli /app/shaarli
RUN cd shaarli \
&& composer --prefer-dist --no-dev install
# Stage 3:
# - Frontend dependencies
FROM node:12-alpine as node
COPY --from=composer /app/shaarli shaarli
RUN cd shaarli \
&& yarnpkg install \
&& yarnpkg run build \
&& rm -rf node_modules
# Stage 4:
# - Shaarli image
FROM alpine:3.16.7
LABEL maintainer="Shaarli Community"
RUN apk --update --no-cache add \
ca-certificates \
nginx \
php8 \
php8-ctype \
php8-curl \
php8-fpm \
php8-gd \
php8-gettext \
php8-iconv \
php8-intl \
php8-json \
php8-ldap \
php8-mbstring \
php8-openssl \
php8-session \
php8-xml \
php8-simplexml \
php8-zlib \
COPY .docker/nginx.conf /etc/nginx/nginx.conf
COPY .docker/php-fpm.conf /etc/php8/php-fpm.conf
COPY .docker/services.d /etc/services.d
RUN rm -rf /etc/php8/php-fpm.d/www.conf \
&& sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php8/php.ini \
&& sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php8/php.ini
WORKDIR /var/www
COPY --from=node /shaarli shaarli
RUN chown -R nginx:nginx . \
&& ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \
&& ln -sf /dev/stderr /var/log/nginx/shaarli.error.log
VOLUME /var/www/shaarli/cache
VOLUME /var/www/shaarli/data
ENTRYPOINT ["/bin/s6-svscan", "/etc/services.d"]
CMD []

View file

@ -1,215 +0,0 @@
# The personal, minimalist, super fast, database-free, bookmarking service.
# Makefile for PHP code analysis & testing, documentation and release generation
BIN = vendor/bin
all: check_permissions test
# Docker test adapter
# Shaarli sources and vendored libraries are copied from a shared volume
# to a user-owned directory to enable running tests as a non-root user.
rsync -az /shaarli/ ~/shaarli/
cd ~/shaarli && make $*
# PHP_CodeSniffer
# Detects PHP syntax errors
# Documentation (usage, output formatting):
# -
# -
PHPCS := $(BIN)/phpcs
# Use GNU Tar where available
ifneq (, $(shell which gtar))
TAR := gtar
TAR := tar
### - errors by Git author
@$(PHPCS) --report-gitblame
### - all errors/warnings
@$(PHPCS) --report-full --report-width=200
### - errors grouped by kind
@$(PHPCS) --report-source || exit 0
# Checks source file & script permissions
@echo "----------------------"
@echo "Check file permissions"
@echo "----------------------"
@for file in `git ls-files | grep -v docker`; do \
if [ -x $$file ]; then \
errors=true; \
echo "$${file} is executable"; \
fi \
done; [ -z $$errors ] || false
# PHPUnit
# Runs unitary and functional tests
# Generates an HTML coverage report if Xdebug is enabled
# See phpunit.xml for configuration
test: translate
@echo "-------"
@echo "PHPUNIT"
@echo "-------"
@mkdir -p sandbox coverage
@$(BIN)/phpunit --coverage-php coverage/main.cov --bootstrap tests/bootstrap.php --testsuite unit-tests
@UT_LOCALE=$*.utf8 \
$(BIN)/phpunit \
--coverage-php coverage/$(firstword $(subst _, ,$*)).cov \
--bootstrap tests/languages/bootstrap.php \
--testsuite language-$(firstword $(subst _, ,$*))
all_tests: test locale_test_de_DE locale_test_en_US locale_test_fr_FR
@# --The current version is not compatible with PHP 7.2
@#$(BIN)/phpcov merge --html coverage coverage
@# --text doesn't work with phpunit 4.* (v5 requires PHP 5.6)
@#$(BIN)/phpcov merge --text coverage/txt coverage
### download 3rd-party PHP libraries, including dev dependencies
composer_dependencies_dev: clean
composer install --prefer-dist
# Custom release archive generation
# For each tagged revision, GitHub provides tar and zip archives that correspond
# to the output of git-archive
# These targets produce similar archives, featuring 3rd-party dependencies
# to ease deployment on shared hosting.
ARCHIVE_VERSION := shaarli-$$(git describe)-full
release_archive: release_tar release_zip
### download 3rd-party PHP libraries
composer_dependencies: clean
composer install --no-dev --prefer-dist
find vendor/ -name ".git" -type d -exec rm -rf {} +
### download 3rd-party frontend libraries
yarnpkg install
### Build frontend dependencies
build_frontend: frontend_dependencies
yarnpkg run build
### generate a release tarball and include 3rd-party dependencies and translations
release_tar: composer_dependencies htmldoc translate build_frontend
git archive --prefix=$(ARCHIVE_PREFIX) -o $(ARCHIVE_VERSION).tar HEAD
$(TAR) rvf $(ARCHIVE_VERSION).tar --transform "s|^vendor|$(ARCHIVE_PREFIX)vendor|" vendor/
$(TAR) rvf $(ARCHIVE_VERSION).tar --transform "s|^doc/html|$(ARCHIVE_PREFIX)doc/html|" doc/html/
$(TAR) rvf $(ARCHIVE_VERSION).tar --transform "s|^tpl|$(ARCHIVE_PREFIX)tpl|" tpl/
### generate a release zip and include 3rd-party dependencies and translations
release_zip: composer_dependencies htmldoc translate build_frontend
git archive --prefix=$(ARCHIVE_PREFIX) -o $(ARCHIVE_VERSION).zip -9 HEAD
mkdir -p $(ARCHIVE_PREFIX)/doc
mkdir -p $(ARCHIVE_PREFIX)/vendor
rsync -a doc/html/ $(ARCHIVE_PREFIX)doc/html/
rsync -a vendor/ $(ARCHIVE_PREFIX)vendor/
zip -r $(ARCHIVE_VERSION).zip $(ARCHIVE_PREFIX)vendor/
rsync -a tpl/ $(ARCHIVE_PREFIX)tpl/
# Targets for repository and documentation maintenance
### remove all unversioned files
@git clean -df
@rm -rf sandbox trivy*
### generate the AUTHORS file from Git commit information
@cp .github/mailmap .mailmap
@git shortlog -sne > AUTHORS
@rm .mailmap
### generate phpDocumentor documentation
phpdoc: clean
@docker run --rm -v $(PWD):/data -u `id -u`:`id -g` phpdoc/phpdoc
### generate HTML documentation from Markdown pages with Sphinx
python3 -m venv venv/
bash -c 'source venv/bin/activate; \
pip install wheel; \
pip install sphinx==7.1.0 furo==2023.7.26 myst-parser sphinx-design; \
sphinx-build -b html -c doc/ doc/md/ doc/html/'
find doc/html/ -type f -exec chmod a-x '{}' \;
rm -r venv
### Generate Shaarli's translation compiled file (.mo)
@echo "----------------------"
@echo "Compile translation files"
@echo "----------------------"
@for pofile in `find inc/languages/ -name shaarli.po`; do \
echo "Compiling $$pofile"; \
msgfmt -v "$$pofile" -o "`dirname "$$pofile"`/`basename "$$pofile" .po`.mo"; \
### Run ESLint check against Shaarli's JS files
@yarnpkg run eslint -c .dev/.eslintrc.js assets/vintage/js/
@yarnpkg run eslint -c .dev/.eslintrc.js assets/default/js/
@yarnpkg run eslint -c .dev/.eslintrc.js assets/common/js/
### Run CSSLint check against Shaarli's SCSS files
@yarnpkg run stylelint --config .dev/.stylelintrc.js 'assets/default/scss/*.scss'
# Security scans
# trivy version (
# default trivy exit code when vulnerabilities are found
# default docker image to scan with trivy
### download trivy vulneravbility scanner
wget --quiet --continue -O trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz$(TRIVY_VERSION)/trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
tar -z -x trivy -f trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
### run trivy vulnerability scanner on docker image
test_trivy_docker: download_trivy
./trivy --exit-code $(TRIVY_EXIT_CODE) image $(TRIVY_TARGET_DOCKER_IMAGE)
### run trivy vulnerability scanner on composer/yarn dependency trees
test_trivy_repo: download_trivy
./trivy --exit-code $(TRIVY_EXIT_CODE) fs composer.lock
./trivy --exit-code $(TRIVY_EXIT_CODE) fs yarn.lock

View file

@ -1,31 +1,71 @@
![Shaarli logo](doc/md/images/doc-logo.png)
![Shaarli logo](
The personal, minimalist, super fast, database-free, bookmarking service.
Shaarli, the personal, minimalist, super-fast, no-database delicious clone.
_Do you want to share the links you discover?_
_Shaarli is a minimalist link sharing service that you can install on your own server._
_It is designed to be personal (single-user), fast and handy._
You want to share the links you discover ? Shaarli is a minimalist delicious clone you can install on your own website.
It is designed to be personal (single-user), fast and handy.
[![Join the chat at](](
[![Docker repository](](
## Quickstart
- [Documentation](
- [Change log](
- [Bugs/Feature requests/Discussion](
* Minimalist design (simple is beautiful)
* **FAST**
* Dead-simple installation: Drop the files, open the page. No database required.
* Easy to use: Single button in your browser to bookmark a page
* Save url, title, description (unlimited size). Classify links with tags (with autocomplete)
* Tag renaming, merging and deletion.
* Automatic thumbnails for various services (imgur,, flickr, youtube, vimeo, dailymotion…)
* Automatic conversion of URLs to clickable links in descriptions. Support for http/ftp/file/apt/magnet protocols.
* Save links as public or private
* 1-clic access to your private links/notes
* Browse links by page, filter by tag or use the full text search engine
* Permalinks (with QR-Code) for easy reference
* RSS and ATOM feeds (which can be filtered by tag or text search)
* Tag cloud
* Picture wall (which can be filtered by tag or text search)
* “Links of the day” Newspaper-like digest, browsable by day.
* “Daily” RSS feed: Get each day a digest of all new links.
* [PubSubHubbub]( protocol support
* Easy backup (Data stored in a single file)
* Compact storage (1315 links stored in 150 kb)
* Mobile browsers support
* Also works with javascript disabled
* Can import/export Netscape bookmarks (for import/export from/to Firefox, Opera, Chrome, Delicious…)
* Brute force protected login form
* Protected against [XSRF](, session cookie hijacking.
* Automatic removal of annoying FeedBurner/Google FeedProxy parameters in URL (?utm_source…)
* Shaarli is a bookmarking application, but you can use it for micro-blogging (like Twitter), a pastebin, an online notepad, a snippet repository, etc.
* You will be automatically notified by a discreet popup if a new version is available
* Pages are easy to customize (using CSS and simple RainTPL templates)
### Demo
You can use this [public demo instance of Shaarli](
It runs the latest development version of Shaarli and is updated/reset daily.
Requires php 5.1
Login: `demo`; Password: `demo`
More information on the project page:
### License
Shaarli is [Free Software]( See [COPYING](COPYING) for a detail of the contributors and licenses for each individual component.
Shaarli is distributed under the zlib/libpng License:
Copyright (c) 2011 Sébastien SAUVAGE (
This software is provided 'as-is', without any express or implied warranty.
In no event will the authors be held liable for any damages arising from
the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would
be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must
not be misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.

View file

$data = (array) ($request->getParsedBody() ?? []);
$bookmark = ApiUtils::buildBookmarkFromRequest(
$this->conf->get('general.tags_separator', ' ')
// duplicate by URL, return 409 Conflict
if (
! empty($bookmark->getUrl())
&& ! empty($dup = $this->bookmarkService->findByUrl($bookmark->getUrl()))
) {
return $response->withJson(
ApiUtils::formatLink($dup, index_url($this->ci['environment'])),
$out = ApiUtils::formatLink($bookmark, index_url($this->ci['environment']));
$redirect = $this->ci->router->pathFor('getLink', ['id' => $bookmark->getId()]);
return $response->withAddedHeader('Location', $redirect)
->withJson($out, 201, $this->jsonStyle);
* Updates an existing link from posted request body.
* @param Request $request Slim request.
* @param Response $response Slim response.
* @param array $args Path parameters. including the ID.
* @return Response response.
* @throws ApiLinkNotFoundException generating a 404 error.
public function putLink($request, $response, $args)
$id = is_integer_mixed($args['id']) ? (int) $args['id'] : null;
if ($id === null || !$this->bookmarkService->exists($id)) {
throw new ApiLinkNotFoundException();
$index = index_url($this->ci['environment']);
$data = $request->getParsedBody();
$requestBookmark = ApiUtils::buildBookmarkFromRequest(
$this->conf->get('general.tags_separator', ' ')
// duplicate URL on a different link, return 409 Conflict
if (
! empty($requestBookmark->getUrl())
&& ! empty($dup = $this->bookmarkService->findByUrl($requestBookmark->getUrl()))
&& $dup->getId() != $id
) {
return $response->withJson(
ApiUtils::formatLink($dup, $index),
$responseBookmark = $this->bookmarkService->get($id);
$responseBookmark = ApiUtils::updateLink($responseBookmark, $requestBookmark);
$out = ApiUtils::formatLink($responseBookmark, $index);
return $response->withJson($out, 200, $this->jsonStyle);
* Delete an existing link by its ID.
* @param Request $request Slim request.
* @param Response $response Slim response.
* @param array $args Path parameters. including the ID.
* @return Response response.
* @throws ApiLinkNotFoundException generating a 404 error.
public function deleteLink($request, $response, $args)
$id = is_integer_mixed($args['id']) ? (int) $args['id'] : null;
if ($id === null || !$this->bookmarkService->exists($id)) {
throw new ApiLinkNotFoundException();
$bookmark = $this->bookmarkService->get($id);
return $response->withStatus(204);

View file

@ -1,174 +0,0 @@
namespace Shaarli\Api\Controllers;
use Shaarli\Api\ApiUtils;
use Shaarli\Api\Exceptions\ApiBadParametersException;
use Shaarli\Api\Exceptions\ApiTagNotFoundException;
use Shaarli\Bookmark\BookmarkFilter;
use Slim\Http\Request;
use Slim\Http\Response;
* Class Tags
* REST API Controller: all services related to tags collection.
* @package Api\Controllers
class Tags extends ApiController
* @var int Number of bookmarks returned if no limit is provided.
public static $DEFAULT_LIMIT = 'all';
* Retrieve a list of tags, allowing different filters.
* @param Request $request Slim request.
* @param Response $response Slim response.
* @return Response response.
* @throws ApiBadParametersException Invalid parameters.
public function getTags($request, $response)
$visibility = $request->getParam('visibility');
$tags = $this->bookmarkService->bookmarksCountPerTag([], $visibility);
// Return tags from the {offset}th tag, starting from 0.
$offset = $request->getParam('offset');
if (! empty($offset) && ! ctype_digit($offset)) {
throw new ApiBadParametersException('Invalid offset');
$offset = ! empty($offset) ? intval($offset) : 0;
if ($offset > count($tags)) {
return $response->withJson([], 200, $this->jsonStyle);
// limit parameter is either a number of bookmarks or 'all' for everything.
$limit = $request->getParam('limit');
if (empty($limit)) {
$limit = self::$DEFAULT_LIMIT;
if (ctype_digit($limit)) {
$limit = intval($limit);
} elseif ($limit === 'all') {
$limit = count($tags);
} else {
throw new ApiBadParametersException('Invalid limit');
$out = [];
$index = 0;
foreach ($tags as $tag => $occurrences) {
if (count($out) >= $limit) {
if ($index++ >= $offset) {
$out[] = ApiUtils::formatTag($tag, $occurrences);
return $response->withJson($out, 200, $this->jsonStyle);
* Return a single formatted tag by its name.
* @param Request $request Slim request.
* @param Response $response Slim response.
* @param array $args Path parameters. including the tag name.
* @return Response containing the link array.
* @throws ApiTagNotFoundException generating a 404 error.
public function getTag($request, $response, $args)
$tags = $this->bookmarkService->bookmarksCountPerTag();
if (!isset($tags[$args['tagName']])) {
throw new ApiTagNotFoundException();
$out = ApiUtils::formatTag($args['tagName'], $tags[$args['tagName']]);
return $response->withJson($out, 200, $this->jsonStyle);
* Rename a tag from the given name.
* If the new name provided matches an existing tag, they will be merged.
* @param Request $request Slim request.
* @param Response $response Slim response.
* @param array $args Path parameters. including the tag name.
* @return Response response.
* @throws ApiTagNotFoundException generating a 404 error.
* @throws ApiBadParametersException new tag name not provided
public function putTag($request, $response, $args)
$tags = $this->bookmarkService->bookmarksCountPerTag();
if (! isset($tags[$args['tagName']])) {
throw new ApiTagNotFoundException();
$data = $request->getParsedBody();
if (empty($data['name'])) {
throw new ApiBadParametersException('New tag name is required in the request body');
$searchResult = $this->bookmarkService->search(
['searchtags' => $args['tagName']],
foreach ($searchResult->getBookmarks() as $bookmark) {
$bookmark->renameTag($args['tagName'], $data['name']);
$this->bookmarkService->set($bookmark, false);
$tags = $this->bookmarkService->bookmarksCountPerTag();
$out = ApiUtils::formatTag($data['name'], $tags[$data['name']]);
return $response->withJson($out, 200, $this->jsonStyle);
* Delete an existing tag by its name.
* @param Request $request Slim request.
* @param Response $response Slim response.
* @param array $args Path parameters. including the tag name.
* @return Response response.
* @throws ApiTagNotFoundException generating a 404 error.
public function deleteTag($request, $response, $args)
$tags = $this->bookmarkService->bookmarksCountPerTag();
if (! isset($tags[$args['tagName']])) {
throw new ApiTagNotFoundException();
$searchResult = $this->bookmarkService->search(
['searchtags' => $args['tagName']],
foreach ($searchResult->getBookmarks() as $bookmark) {
$this->bookmarkService->set($bookmark, false);
return $response->withStatus(204);

View file

@ -1,34 +0,0 @@
namespace Shaarli\Api\Exceptions;
* Class ApiAuthorizationException
* Request not authorized, return a 401 HTTP code.
class ApiAuthorizationException extends ApiException
* {@inheritdoc}
public function getApiResponse()
$this->setMessage('Not authorized');
return $this->buildApiResponse(401);
* Set the exception message.
* We only return a generic error message in production mode to avoid giving
* to much security information.
* @param $message string the exception message.
public function setMessage($message)
$original = $this->debug === true ? ': ' . $this->getMessage() : '';
$this->message = $message . $original;

View file

@ -1,19 +0,0 @@
namespace Shaarli\Api\Exceptions;
* Class ApiBadParametersException
* Invalid request exception, return a 400 HTTP code.
class ApiBadParametersException extends ApiException
* {@inheritdoc}
public function getApiResponse()
return $this->buildApiResponse(400);

View file

@ -1,78 +0,0 @@
namespace Shaarli\Api\Exceptions;
use Slim\Http\Response;
* Abstract class ApiException
* Parent Exception related to the API, able to generate a valid Response (ResponseInterface).
* Also can include various information in debug mode.
abstract class ApiException extends \Exception
* @var Response instance from Slim.
protected $response;
* @var bool Debug mode enabled/disabled.
protected $debug;
* Build the final response.
* @return Response Final response to give.
abstract public function getApiResponse();
* Creates ApiResponse body.
* In production mode, it will only return the exception message,
* but in dev mode, it includes additional information in an array.
* @return array|string response body
protected function getApiResponseBody()
if ($this->debug !== true) {
return $this->getMessage();
return [
'message' => $this->getMessage(),
'stacktrace' => get_class($this) . ': ' . $this->getTraceAsString()
* Build the Response object to return.
* @param int $code HTTP status.
* @return Response with status + body.
protected function buildApiResponse($code)
$style = $this->debug ? JSON_PRETTY_PRINT : null;
return $this->response->withJson($this->getApiResponseBody(), $code, $style);
* @param Response $response
public function setResponse($response)
$this->response = $response;
* @param bool $debug
public function setDebug($debug)
$this->debug = $debug;

View file

@ -1,19 +0,0 @@
namespace Shaarli\Api\Exceptions;
* Class ApiInternalException
* Generic exception, return a 500 HTTP code.
class ApiInternalException extends ApiException
* @inheritdoc
public function getApiResponse()
return $this->buildApiResponse(500);

View file

@ -1,29 +0,0 @@
namespace Shaarli\Api\Exceptions;
* Class ApiLinkNotFoundException
* Link selected by ID couldn't be found, results in a 404 error.
* @package Shaarli\Api\Exceptions
class ApiLinkNotFoundException extends ApiException
* ApiLinkNotFoundException constructor.
public function __construct()
$this->message = 'Link not found';
* {@inheritdoc}
public function getApiResponse()
return $this->buildApiResponse(404);

View file

@ -1,29 +0,0 @@
namespace Shaarli\Api\Exceptions;
* Class ApiTagNotFoundException
* Tag selected by name couldn't be found in the datastore, results in a 404 error.
* @package Shaarli\Api\Exceptions
class ApiTagNotFoundException extends ApiException
* ApiLinkNotFoundException constructor.
public function __construct()
$this->message = 'Tag not found';
* {@inheritdoc}
public function getApiResponse()
return $this->buildApiResponse(404);

View file

@ -1,542 +0,0 @@
namespace Shaarli\Bookmark;
use DateTime;
use DateTimeInterface;
use Shaarli\Bookmark\Exception\InvalidBookmarkException;
* Class Bookmark
* This class represent a single Bookmark with all its attributes.
* Every bookmark should manipulated using this, before being formatted.
* @package Shaarli\Bookmark
class Bookmark
/** @var string Date format used in string (former ID format) */
public const LINK_DATE_FORMAT = 'Ymd_His';
/** @var int Bookmark ID */
protected $id;
/** @var string Permalink identifier */
protected $shortUrl;
/** @var string Bookmark's URL - $shortUrl prefixed with `?` for notes */
protected $url;
/** @var string Bookmark's title */
protected $title;
/** @var string Raw bookmark's description */
protected $description;
/** @var array List of bookmark's tags */
protected $tags;
/** @var string|bool|null Thumbnail's URL - initialized at null, false if no thumbnail could be found */
protected $thumbnail;
/** @var bool Set to true if the bookmark is set as sticky */
protected $sticky;
/** @var DateTimeInterface Creation datetime */
protected $created;
/** @var DateTimeInterface datetime */
protected $updated;
/** @var bool True if the bookmark can only be seen while logged in */
protected $private;
/** @var mixed[] Available to store any additional content for a bookmark. Currently used for search highlight. */
protected $additionalContent = [];
* Initialize a link from array data. Especially useful to create a Bookmark from former link storage format.
* @param array $data
* @param string $tagsSeparator Tags separator loaded from the config file.
* This is a context data, and it should *never* be stored in the Bookmark object.
* @return $this
public function fromArray(array $data, string $tagsSeparator = ' '): Bookmark
$this->id = $data['id'] ?? null;
$this->shortUrl = $data['shorturl'] ?? null;
$this->url = $data['url'] ?? null;
$this->title = $data['title'] ?? null;
$this->description = $data['description'] ?? null;
$this->thumbnail = $data['thumbnail'] ?? null;
$this->sticky = $data['sticky'] ?? false;
$this->created = $data['created'] ?? null;
if (is_array($data['tags'])) {
$this->tags = $data['tags'];
} else {
$this->tags = tags_str2array($data['tags'] ?? '', $tagsSeparator);
if (! empty($data['updated'])) {
$this->updated = $data['updated'];
$this->private = ($data['private'] ?? false) ? true : false;
$this->additionalContent = $data['additional_content'] ?? [];
return $this;
* Make sure that the current instance of Bookmark is valid and can be saved into the data store.
* A valid link requires:
* - an integer ID
* - a short URL (for permalinks)
* - a creation date
* This function also initialize optional empty fields:
* - the URL with the permalink
* - the title with the URL
* Also make sure that we do not save search highlights in the datastore.
* @throws InvalidBookmarkException
public function validate(): void
if (
$this->id === null
|| ! is_int($this->id)
|| empty($this->shortUrl)
|| empty($this->created)
) {
throw new InvalidBookmarkException($this);
if (empty($this->url)) {
$this->url = '/shaare/' . $this->shortUrl;
if (empty($this->title)) {
$this->title = $this->url;
if (array_key_exists('search_highlight', $this->additionalContent)) {
* Set the Id.
* If they're not already initialized, this function also set:
* - created: with the current datetime
* - shortUrl: with a generated small hash from the date and the given ID
* @param int|null $id
* @return Bookmark
public function setId(?int $id): Bookmark
$this->id = $id;
if (empty($this->created)) {
$this->created = new DateTime();
if (empty($this->shortUrl)) {
$this->shortUrl = link_small_hash($this->created, $this->id);
return $this;
* Get the Id.
* @return int|null
public function getId(): ?int
return $this->id;
* Get the ShortUrl.
* @return string|null
public function getShortUrl(): ?string
return $this->shortUrl;
* Get the Url.
* @return string|null
public function getUrl(): ?string
return $this->url;
* Get the Title.
* @return string
public function getTitle(): ?string
return $this->title;
* Get the Description.
* @return string
public function getDescription(): string
return ! empty($this->description) ? $this->description : '';
* Get the Created.
* @return DateTimeInterface
public function getCreated(): ?DateTimeInterface
return $this->created;
* Get the Updated.
* @return DateTimeInterface
public function getUpdated(): ?DateTimeInterface
return $this->updated;
* Set the ShortUrl.
* @param string|null $shortUrl
* @return Bookmark
public function setShortUrl(?string $shortUrl): Bookmark
$this->shortUrl = $shortUrl;
return $this;
* Set the Url.
* @param string|null $url
* @param string[] $allowedProtocols
* @return Bookmark
public function setUrl(?string $url, array $allowedProtocols = []): Bookmark
$url = $url !== null ? trim($url) : '';
if (! empty($url)) {
$url = whitelist_protocols($url, $allowedProtocols);
$this->url = $url;
return $this;
* Set the Title.
* @param string|null $title
* @return Bookmark
public function setTitle(?string $title): Bookmark
$this->title = $title !== null ? trim($title) : '';
return $this;
* Set the Description.
* @param string|null $description
* @return Bookmark
public function setDescription(?string $description): Bookmark
$this->description = $description;
return $this;
* Set the Created.
* Note: you shouldn't set this manually except for special cases (like bookmark import)
* @param DateTimeInterface|null $created
* @return Bookmark
public function setCreated(?DateTimeInterface $created): Bookmark
$this->created = $created;
return $this;
* Set the Updated.
* @param DateTimeInterface|null $updated
* @return Bookmark
public function setUpdated(?DateTimeInterface $updated): Bookmark
$this->updated = $updated;
return $this;
* Get the Private.
* @return bool
public function isPrivate(): bool
return $this->private ? true : false;
* Set the Private.
* @param bool|null $private
* @return Bookmark
public function setPrivate(?bool $private): Bookmark
$this->private = $private ? true : false;
return $this;
* Get the Tags.
* @return string[]
public function getTags(): array
return is_array($this->tags) ? $this->tags : [];
* Set the Tags.
* @param string[]|null $tags
* @return Bookmark
public function setTags(?array $tags): Bookmark
$this->tags = array_map(
function (string $tag): string {
return $tag[0] === '-' ? substr($tag, 1) : $tag;
tags_filter($tags, ' ')
return $this;
* Get the Thumbnail.
* @return string|bool|null Thumbnail's URL - initialized at null, false if no thumbnail could be found
public function getThumbnail()
return !$this->isNote() ? $this->thumbnail : false;
* Set the Thumbnail.
* @param string|bool|null $thumbnail Thumbnail's URL - false if no thumbnail could be found
* @return Bookmark
public function setThumbnail($thumbnail): Bookmark
$this->thumbnail = $thumbnail;
return $this;
* Return true if:
* - the bookmark's thumbnail is not already set to false (= not found)
* - it's not a note
* - it's an HTTP(S) link
* - the thumbnail has not yet be retrieved (null) or its associated cache file doesn't exist anymore
* @return bool True if the bookmark's thumbnail needs to be retrieved.
public function shouldUpdateThumbnail(): bool
return $this->thumbnail !== false
&& !$this->isNote()
&& startsWith(strtolower($this->url), 'http')
&& (null === $this->thumbnail || !is_file($this->thumbnail))
* Get the Sticky.
* @return bool
public function isSticky(): bool
return $this->sticky ? true : false;
* Set the Sticky.
* @param bool|null $sticky
* @return Bookmark
public function setSticky(?bool $sticky): Bookmark
$this->sticky = $sticky ? true : false;
return $this;
* @param string $separator Tags separator loaded from the config file.
* @return string Bookmark's tags as a string, separated by a separator
public function getTagsString(string $separator = ' '): string
return tags_array2str($this->getTags(), $separator);
* @return bool
public function isNote(): bool
// We check empty value to get a valid result if the link has not been saved yet
return empty($this->url) || startsWith($this->url, '/shaare/') || $this->url[0] === '?';
* Set tags from a string.
* Note:
* - tags must be separated whether by a space or a comma
* - multiple spaces will be removed
* - trailing dash in tags will be removed
* @param string|null $tags
* @param string $separator Tags separator loaded from the config file.
* @return $this
public function setTagsString(?string $tags, string $separator = ' '): Bookmark
$this->setTags(tags_str2array($tags, $separator));
return $this;
* Get entire additionalContent array.
* @return mixed[]
public function getAdditionalContent(): array
return $this->additionalContent;
* Set a single entry in additionalContent, by key.
* @param string $key
* @param mixed|null $value Any type of value can be set.
* @return $this
public function setAdditionalContentEntry(string $key, $value): self
$this->additionalContent[$key] = $value;
return $this;
* Get a single entry in additionalContent, by key.
* @param string $key
* @param mixed|null $default
* @return mixed|null can be any type or even null.
public function getAdditionalContentEntry(string $key, $default = null)
return array_key_exists($key, $this->additionalContent) ? $this->additionalContent[$key] : $default;
* Rename a tag in tags list.
* @param string $fromTag
* @param string $toTag
public function renameTag(string $fromTag, string $toTag): void
if (($pos = array_search($fromTag, $this->tags ?? [])) !== false) {
$this->tags[$pos] = trim($toTag);
* Add a tag in tags list.
* @param string $tag
public function addTag(string $tag): self
return $this->setTags(array_unique(array_merge($this->getTags(), [$tag])));
* Delete a tag from tags list.
* @param string $tag
public function deleteTag(string $tag): void
while (($pos = array_search($tag, $this->tags ?? [])) !== false) {
$this->tags = array_values($this->tags);

View file

@ -1,264 +0,0 @@
namespace Shaarli\Bookmark;
use Shaarli\Bookmark\Exception\InvalidBookmarkException;
* Class BookmarkArray
* Implementing ArrayAccess, this allows us to use the bookmark list
* as an array and iterate over it.
* @package Shaarli\Bookmark
class BookmarkArray implements \Iterator, \Countable, \ArrayAccess
* @var Bookmark[]
protected $bookmarks;
* @var array List of all bookmarks IDS mapped with their array offset.
* Map: id->offset.
protected $ids;
* @var int Position in the $this->keys array (for the Iterator interface)
protected $position;
* @var array List of offset keys (for the Iterator interface implementation)
protected $keys;
* @var array List of all recorded URLs (key=url, value=bookmark offset)
* for fast reserve search (url-->bookmark offset)
protected $urls;
public function __construct()
$this->ids = [];
$this->bookmarks = [];
$this->keys = [];
$this->urls = [];
$this->position = 0;
* Countable - Counts elements of an object
* @return int Number of bookmarks
public function count(): int
return count($this->bookmarks);
* ArrayAccess - Assigns a value to the specified offset
* @param int $offset Bookmark ID
* @param Bookmark $value instance
* @throws InvalidBookmarkException
public function offsetSet($offset, $value): void
if (
! $value instanceof Bookmark
|| $value->getId() === null || empty($value->getUrl())
|| ($offset !== null && ! is_int($offset)) || ! is_int($value->getId())
|| $offset !== null && $offset !== $value->getId()
) {
throw new InvalidBookmarkException($value);
// If the bookmark exists, we reuse the real offset, otherwise new entry
if ($offset !== null) {
$existing = $this->getBookmarkOffset($offset);
} else {
$existing = $this->getBookmarkOffset($value->getId());
if ($existing !== null) {
$offset = $existing;
} else {
$offset = count($this->bookmarks);
$this->bookmarks[$offset] = $value;
$this->urls[$value->getUrl()] = $offset;
$this->ids[$value->getId()] = $offset;
* ArrayAccess - Whether or not an offset exists
* @param int $offset Bookmark ID
* @return bool true if it exists, false otherwise
public function offsetExists($offset): bool
return array_key_exists($this->getBookmarkOffset($offset), $this->bookmarks);
* ArrayAccess - Unsets an offset
* @param int $offset Bookmark ID
public function offsetUnset($offset): void
$realOffset = $this->getBookmarkOffset($offset);
$url = $this->bookmarks[$realOffset]->getUrl();
* ArrayAccess - Returns the value at specified offset
* @param int $offset Bookmark ID
* @return Bookmark|null The Bookmark if found, null otherwise
public function offsetGet($offset): ?Bookmark
$realOffset = $this->getBookmarkOffset($offset);
return isset($this->bookmarks[$realOffset]) ? $this->bookmarks[$realOffset] : null;
* Iterator - Returns the current element
* @return Bookmark corresponding to the current position
public function current(): Bookmark
return $this[$this->keys[$this->position]];
* Iterator - Returns the key of the current element
* @return int Bookmark ID corresponding to the current position
public function key(): int
return $this->keys[$this->position];
* Iterator - Moves forward to next element
public function next(): void
* Iterator - Rewinds the Iterator to the first element
* Entries are sorted by date (latest first)
public function rewind(): void
$this->keys = array_keys($this->ids);
$this->position = 0;
* Iterator - Checks if current position is valid
* @return bool true if the current Bookmark ID exists, false otherwise
public function valid(): bool
return isset($this->keys[$this->position]);
* Returns a bookmark offset in bookmarks array from its unique ID.
* @param int|null $id Persistent ID of a bookmark.
* @return int Real offset in local array, or null if doesn't exist.
protected function getBookmarkOffset(?int $id): ?int
if ($id !== null && isset($this->ids[$id])) {
return $this->ids[$id];
return null;
* Return the next key for bookmark creation.
* E.g. If the last ID is 597, the next will be 598.
* @return int next ID.
public function getNextId(): int
if (!empty($this->ids)) {
return max(array_keys($this->ids)) + 1;
return 0;
* @param string $url
* @return Bookmark|null
public function getByUrl(string $url): ?Bookmark
if (
! empty($url)
&& isset($this->urls[$url])
&& isset($this->bookmarks[$this->urls[$url]])
) {
return $this->bookmarks[$this->urls[$url]];
return null;
* Reorder links by creation date (newest first).
* Also update the urls and ids mapping arrays.
* @param string $order ASC|DESC
* @param bool $ignoreSticky If set to true, sticky bookmarks won't be first
public function reorder(string $order = 'DESC', bool $ignoreSticky = false): void
$order = $order === 'ASC' ? -1 : 1;
// Reorder array by dates.
usort($this->bookmarks, function ($a, $b) use ($order, $ignoreSticky) {
/** @var $a Bookmark */
/** @var $b Bookmark */
if (false === $ignoreSticky && $a->isSticky() !== $b->isSticky()) {
return $a->isSticky() ? -1 : 1;
return $a->getCreated() < $b->getCreated() ? 1 * $order : -1 * $order;
$this->urls = [];
$this->ids = [];
foreach ($this->bookmarks as $key => $bookmark) {
$this->urls[$bookmark->getUrl()] = $key;
$this->ids[$bookmark->getId()] = $key;

View file

@ -1,443 +0,0 @@
namespace Shaarli\Bookmark;
use DateTime;
use Exception;
use malkusch\lock\mutex\Mutex;
use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
use Shaarli\Bookmark\Exception\DatastoreNotInitializedException;
use Shaarli\Bookmark\Exception\EmptyDataStoreException;
use Shaarli\Config\ConfigManager;
use Shaarli\Formatter\BookmarkMarkdownFormatter;
use Shaarli\History;
use Shaarli\Legacy\LegacyLinkDB;
use Shaarli\Legacy\LegacyUpdater;
use Shaarli\Plugin\PluginManager;
use Shaarli\Render\PageCacheManager;
use Shaarli\Updater\UpdaterUtils;
* Class BookmarksService
* This is the entry point to manipulate the bookmark DB.
* It manipulates loads links from a file data store containing all bookmarks.
* It also triggers the legacy format (bookmarks as arrays) migration.
class BookmarkFileService implements BookmarkServiceInterface
/** @var Bookmark[] instance */
protected $bookmarks;
/** @var BookmarkIO instance */
protected $bookmarksIO;
/** @var BookmarkFilter */
protected $bookmarkFilter;
/** @var ConfigManager instance */
protected $conf;
/** @var PluginManager */
protected $pluginManager;
/** @var History instance */
protected $history;
/** @var PageCacheManager instance */
protected $pageCacheManager;
/** @var bool true for logged in users. Default value to retrieve private bookmarks. */
protected $isLoggedIn;
/** @var Mutex */
protected $mutex;
* @inheritDoc
public function __construct(
ConfigManager $conf,
PluginManager $pluginManager,
History $history,
Mutex $mutex,
bool $isLoggedIn
) {
$this->conf = $conf;
$this->history = $history;
$this->mutex = $mutex;
$this->pageCacheManager = new PageCacheManager($this->conf->get('resource.page_cache'), $isLoggedIn);
$this->bookmarksIO = new BookmarkIO($this->conf, $this->mutex);
$this->isLoggedIn = $isLoggedIn;
if (!$this->isLoggedIn && $this->conf->get('privacy.hide_public_links', false)) {
$this->bookmarks = new BookmarkArray();
} else {
try {
$this->bookmarks = $this->bookmarksIO->read();
} catch (EmptyDataStoreException | DatastoreNotInitializedException $e) {
$this->bookmarks = new BookmarkArray();
if ($this->isLoggedIn) {
// Datastore file does not exists, we initialize it with default bookmarks.
if ($e instanceof DatastoreNotInitializedException) {
} else {
if (! $this->bookmarks instanceof BookmarkArray) {
'Your data store has been migrated, please reload the page.' . PHP_EOL .
'If this message keeps showing up, please delete data/updates.txt file.'
$this->pluginManager = $pluginManager;
$this->bookmarkFilter = new BookmarkFilter($this->bookmarks, $this->conf, $this->pluginManager);
* @inheritDoc
public function findByHash(string $hash, string $privateKey = null): Bookmark
$bookmark = $this->bookmarkFilter->filter(BookmarkFilter::$FILTER_HASH, $hash);
// PHP 7.3 introduced array_key_first() to avoid this hack
$first = reset($bookmark);
if (
&& $first->isPrivate()
&& (empty($privateKey) || $privateKey !== $first->getAdditionalContentEntry('private_key'))
) {
throw new BookmarkNotFoundException();
return $first;
* @inheritDoc
public function findByUrl(string $url): ?Bookmark
return $this->bookmarks->getByUrl($url);
* @inheritDoc
public function search(
array $request = [],
string $visibility = null,
bool $caseSensitive = false,
bool $untaggedOnly = false,
bool $ignoreSticky = false,
array $pagination = []
): SearchResult {
if ($visibility === null) {
$visibility = $this->isLoggedIn ? BookmarkFilter::$ALL : BookmarkFilter::$PUBLIC;
// Filter bookmark database according to parameters.
$searchTags = isset($request['searchtags']) ? $request['searchtags'] : '';
$searchTerm = isset($request['searchterm']) ? $request['searchterm'] : '';
if ($ignoreSticky) {
$this->bookmarks->reorder('DESC', true);
$bookmarks = $this->bookmarkFilter->filter(
BookmarkFilter::$FILTER_TAG | BookmarkFilter::$FILTER_TEXT,
[$searchTags, $searchTerm],
return SearchResult::getSearchResult(
$pagination['offset'] ?? 0,
$pagination['limit'] ?? null,
$pagination['allowOutOfBounds'] ?? false
* @inheritDoc
public function get(int $id, string $visibility = null): Bookmark
if (! isset($this->bookmarks[$id])) {
throw new BookmarkNotFoundException();
if ($visibility === null) {
$visibility = $this->isLoggedIn ? BookmarkFilter::$ALL : BookmarkFilter::$PUBLIC;
$bookmark = $this->bookmarks[$id];
if (
($bookmark->isPrivate() && $visibility != 'all' && $visibility != 'private')
|| (! $bookmark->isPrivate() && $visibility != 'all' && $visibility != 'public')
) {
throw new Exception('Unauthorized');
return $bookmark;
* @inheritDoc
public function set(Bookmark $bookmark, bool $save = true): Bookmark
if (true !== $this->isLoggedIn) {
throw new Exception(t('You\'re not authorized to alter the datastore'));
if (! isset($this->bookmarks[$bookmark->getId()])) {
throw new BookmarkNotFoundException();
$bookmark->setUpdated(new DateTime());
$this->bookmarks[$bookmark->getId()] = $bookmark;
if ($save === true) {
return $this->bookmarks[$bookmark->getId()];
* @inheritDoc
public function add(Bookmark $bookmark, bool $save = true): Bookmark
if (true !== $this->isLoggedIn) {
throw new Exception(t('You\'re not authorized to alter the datastore'));
if (!empty($bookmark->getId())) {
throw new Exception(t('This bookmarks already exists'));
$this->bookmarks[$bookmark->getId()] = $bookmark;
if ($save === true) {
return $this->bookmarks[$bookmark->getId()];
* @inheritDoc
public function addOrSet(Bookmark $bookmark, bool $save = true): Bookmark
if (true !== $this->isLoggedIn) {
throw new Exception(t('You\'re not authorized to alter the datastore'));
if ($bookmark->getId() === null) {
return $this->add($bookmark, $save);
return $this->set($bookmark, $save);
* @inheritDoc
public function remove(Bookmark $bookmark, bool $save = true): void
if (true !== $this->isLoggedIn) {
throw new Exception(t('You\'re not authorized to alter the datastore'));
if (! isset($this->bookmarks[$bookmark->getId()])) {
throw new BookmarkNotFoundException();
if ($save === true) {
* @inheritDoc
public function exists(int $id, string $visibility = null): bool
if (! isset($this->bookmarks[$id])) {
return false;
if ($visibility === null) {
$visibility = $this->isLoggedIn ? 'all' : 'public';
$bookmark = $this->bookmarks[$id];
if (
($bookmark->isPrivate() && $visibility != 'all' && $visibility != 'private')
|| (! $bookmark->isPrivate() && $visibility != 'all' && $visibility != 'public')
) {
return false;
return true;
* @inheritDoc
public function count(string $visibility = null): int
return $this->search([], $visibility)->getResultCount();
* @inheritDoc
public function save(): void
if (true !== $this->isLoggedIn) {
// TODO: raise an Exception instead
die('You are not authorized to change the database.');
* @inheritDoc
public function bookmarksCountPerTag(array $filteringTags = [], string $visibility = null): array
$searchResult = $this->search(['searchtags' => $filteringTags], $visibility);
$tags = [];
$caseMapping = [];
foreach ($searchResult->getBookmarks() as $bookmark) {
foreach ($bookmark->getTags() as $tag) {
if (
|| (! $this->isLoggedIn && startsWith($tag, '.'))
|| $tag === BookmarkMarkdownFormatter::NO_MD_TAG
|| in_array($tag, $filteringTags, true)
) {
// The first case found will be displayed.
if (!isset($caseMapping[strtolower($tag)])) {
$caseMapping[strtolower($tag)] = $tag;
$tags[$caseMapping[strtolower($tag)]] = 0;
* Formerly used arsort(), which doesn't define the sort behaviour for equal values.
* Also, this function doesn't produce the same result between PHP 5.6 and 7.
* So we now use array_multisort() to sort tags by DESC occurrences,
* then ASC alphabetically for equal values.
* @see
$keys = array_keys($tags);
$tmpTags = array_combine($keys, $keys);
array_multisort($tags, SORT_DESC, $tmpTags, SORT_ASC, $tags);
return $tags;
* @inheritDoc
public function findByDate(
\DateTimeInterface $from,
\DateTimeInterface $to,
?\DateTimeInterface &$previous,
?\DateTimeInterface &$next
): array {
$out = [];
$previous = null;
$next = null;
foreach ($this->search([], null, false, false, true)->getBookmarks() as $bookmark) {
if ($to < $bookmark->getCreated()) {
$next = $bookmark->getCreated();
} elseif ($from < $bookmark->getCreated() && $to > $bookmark->getCreated()) {
$out[] = $bookmark;
} else {
if ($previous !== null) {
$previous = $bookmark->getCreated();
return $out;
* @inheritDoc
public function getLatest(): ?Bookmark
foreach ($this->search([], null, false, false, true)->getBookmarks() as $bookmark) {
return $bookmark;
return null;
* @inheritDoc
public function initialize(): void
$initializer = new BookmarkInitializer($this);
if (true === $this->isLoggedIn) {
* Handles migration to the new database format (BookmarksArray).
protected function migrate(): void
$bookmarkDb = new LegacyLinkDB(
$updater = new LegacyUpdater(
$newUpdates = $updater->update();
if (! empty($newUpdates)) {

View file

@ -1,635 +0,0 @@
namespace Shaarli\Bookmark;
use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
use Shaarli\Config\ConfigManager;
use Shaarli\Plugin\PluginManager;
* Class LinkFilter.
* Perform search and filter operation on link data list.
class BookmarkFilter
* @var string permalinks.
public static $FILTER_HASH = 'permalink';
* @var string text search.
public static $FILTER_TEXT = 'fulltext';
* @var string tag filter.
public static $FILTER_TAG = 'tags';
* @var string filter by day.
public static $DEFAULT = 'NO_FILTER';
/** @var string Visibility: all */
public static $ALL = 'all';
/** @var string Visibility: public */
public static $PUBLIC = 'public';
/** @var string Visibility: private */
public static $PRIVATE = 'private';
* @var string Allowed characters for hashtags (regex syntax).
public static $HASHTAG_CHARS = '\p{Pc}\p{N}\p{L}\p{Mn}';
* @var Bookmark[] all available bookmarks.
private $bookmarks;
/** @var ConfigManager */
protected $conf;
/** @var PluginManager */
protected $pluginManager;
* @param Bookmark[] $bookmarks initialization.
public function __construct($bookmarks, ConfigManager $conf, PluginManager $pluginManager)
$this->bookmarks = $bookmarks;
$this->conf = $conf;
$this->pluginManager = $pluginManager;
* Filter bookmarks according to parameters.
* @param string $type Type of filter (eg. tags, permalink, etc.).
* @param mixed $request Filter content.
* @param bool $casesensitive Optional: Perform case sensitive filter if true.
* @param string $visibility Optional: return only all/private/public bookmarks
* @param bool $untaggedonly Optional: return only untagged bookmarks. Applies only if $type includes FILTER_TAG
* @return Bookmark[] filtered bookmark list.
* @throws BookmarkNotFoundException
public function filter(
string $type,
bool $casesensitive = false,
string $visibility = 'all',
bool $untaggedonly = false
) {
if (!in_array($visibility, ['all', 'public', 'private'])) {
$visibility = 'all';
switch ($type) {
case self::$FILTER_HASH:
return $this->filterSmallHash($request);
case self::$FILTER_TAG | self::$FILTER_TEXT: // == "vuotext"
$noRequest = empty($request) || (empty($request[0]) && empty($request[1]));
if ($noRequest) {
if ($untaggedonly) {
return $this->filterUntagged($visibility);
return $this->noFilter($visibility);
if ($untaggedonly) {
$filtered = $this->filterUntagged($visibility);
} else {
$filtered = $this->bookmarks;
if (!empty($request[0])) {
$filtered = (new BookmarkFilter($filtered, $this->conf, $this->pluginManager))
->filterTags($request[0], $casesensitive, $visibility)
if (!empty($request[1])) {
$filtered = (new BookmarkFilter($filtered, $this->conf, $this->pluginManager))
->filterFulltext($request[1], $visibility)
return $filtered;
case self::$FILTER_TEXT:
return $this->filterFulltext($request, $visibility);
case self::$FILTER_TAG:
if ($untaggedonly) {
return $this->filterUntagged($visibility);
} else {
return $this->filterTags($request, $casesensitive, $visibility);
return $this->noFilter($visibility);
* Unknown filter, but handle private only.
* @param string $visibility Optional: return only all/private/public bookmarks
* @return Bookmark[] filtered bookmarks.
private function noFilter(string $visibility = 'all')
$out = [];
foreach ($this->bookmarks as $key => $value) {
if (
['source' => 'no_filter', 'visibility' => $visibility]
) {
if ($visibility === 'all') {
$out[$key] = $value;
} elseif ($value->isPrivate() && $visibility === 'private') {
$out[$key] = $value;
} elseif (!$value->isPrivate() && $visibility === 'public') {
$out[$key] = $value;
return $out;
* Returns the shaare corresponding to a smallHash.
* @param string $smallHash permalink hash.
* @return Bookmark[] $filtered array containing permalink data.
* @throws BookmarkNotFoundException if the smallhash doesn't match any link.
private function filterSmallHash(string $smallHash)
foreach ($this->bookmarks as $key => $l) {
if ($smallHash == $l->getShortUrl()) {
// Yes, this is ugly and slow
return [$key => $l];
throw new BookmarkNotFoundException();
* Returns the list of bookmarks corresponding to a full-text search
* Searches:
* - in the URLs, title and description;
* - are case-insensitive;
* - terms surrounded by quotes " are exact terms search.
* - terms starting with a dash - are excluded (except exact terms).
* Example:
* print_r($mydb->filterFulltext('hollandais'));
* mb_convert_case($val, MB_CASE_LOWER, 'UTF-8')
* - allows to perform searches on Unicode text
* - see for examples
* @param string $searchterms search query.
* @param string $visibility Optional: return only all/private/public bookmarks.
* @return Bookmark[] search results.
private function filterFulltext(string $searchterms, string $visibility = 'all')
if (empty($searchterms)) {
return $this->noFilter($visibility);
$filtered = [];
$search = mb_convert_case(html_entity_decode($searchterms), MB_CASE_LOWER, 'UTF-8');
$exactRegex = '/"([^"]+)"/';
// Retrieve exact search terms.
preg_match_all($exactRegex, $search, $exactSearch);
$exactSearch = array_values(array_filter($exactSearch[1]));
// Remove exact search terms to get AND terms search.
$explodedSearchAnd = explode(' ', trim(preg_replace($exactRegex, '', $search)));
$explodedSearchAnd = array_values(array_filter($explodedSearchAnd));
// Filter excluding terms and update andSearch.
$excludeSearch = [];
$andSearch = [];
foreach ($explodedSearchAnd as $needle) {
if ($needle[0] == '-' && strlen($needle) > 1) {
$excludeSearch[] = substr($needle, 1);
} else {
$andSearch[] = $needle;
// Iterate over every stored link.
foreach ($this->bookmarks as $id => $bookmark) {
if (
'source' => 'fulltext',
'searchterms' => $searchterms,
'andSearch' => $andSearch,
'exactSearch' => $exactSearch,
'excludeSearch' => $excludeSearch,
'visibility' => $visibility
) {
// ignore non private bookmarks when 'privatonly' is on.
if ($visibility !== 'all') {
if (!$bookmark->isPrivate() && $visibility === 'private') {
} elseif ($bookmark->isPrivate() && $visibility === 'public') {
$lengths = [];
$content = $this->buildFullTextSearchableLink($bookmark, $lengths);
// Be optimistic
$found = true;
$foundPositions = [];
// First, we look for exact term search
// Then iterate over keywords, if keyword is not found,
// no need to check for the others. We want all or nothing.
foreach ([$exactSearch, $andSearch] as $search) {
for ($i = 0; $i < count($search) && $found !== false; $i++) {
$found = mb_strpos($content, $search[$i]);
if ($found === false) {
$foundPositions[] = ['start' => $found, 'end' => $found + mb_strlen($search[$i])];
// Exclude terms.
for ($i = 0; $i < count($excludeSearch) && $found !== false; $i++) {
$found = strpos($content, $excludeSearch[$i]) === false;
if ($found !== false) {
$this->postProcessFoundPositions($lengths, $foundPositions)
$filtered[$id] = $bookmark;
return $filtered;
* Returns the list of bookmarks associated with a given list of tags
* You can specify one or more tags, separated by space or a comma, e.g.
* print_r($mydb->filterTags('linux programming'));
* @param string|array $tags list of tags, separated by commas or blank spaces if passed as string.
* @param bool $casesensitive ignore case if false.
* @param string $visibility Optional: return only all/private/public bookmarks.
* @return Bookmark[] filtered bookmarks.
public function filterTags($tags, bool $casesensitive = false, string $visibility = 'all')
$tagsSeparator = $this->conf->get('general.tags_separator', ' ');
// get single tags (we may get passed an array, even though the docs say different)
$inputTags = $tags;
if (!is_array($tags)) {
// we got an input string, split tags
$inputTags = tags_str2array($inputTags, $tagsSeparator);
if (count($inputTags) === 0) {
// no input tags
return $this->noFilter($visibility);
// If we only have public visibility, we can't look for hidden tags
if ($visibility === self::$PUBLIC) {
$inputTags = array_values(array_filter($inputTags, function ($tag) {
return ! startsWith($tag, '.');
if (empty($inputTags)) {
return [];
// build regex from all tags
$re_and = implode(array_map([$this, 'tag2regex'], $inputTags));
$re = '/^' . $re_and;
$orTags = array_filter(array_map(function ($tag) {
return startsWith($tag, '~') ? substr($tag, 1) : null;
}, $inputTags));
$re_or = implode('|', array_map([$this, 'tag2matchterm'], $orTags));
if ($re_or) {
$re_or = '(' . $re_or . ')';
$re .= $this->term2match($re_or, false);
$re .= '.*$/';
if (!$casesensitive) {
// make regex case insensitive
$re .= 'i';
// create resulting array
$filtered = [];
// iterate over each link
foreach ($this->bookmarks as $key => $bookmark) {
if (
'source' => 'tags',
'tags' => $tags,
'casesensitive' => $casesensitive,
'visibility' => $visibility
) {
// check level of visibility
// ignore non private bookmarks when 'privateonly' is on.
if ($visibility !== 'all') {
if (!$bookmark->isPrivate() && $visibility === 'private') {
} elseif ($bookmark->isPrivate() && $visibility === 'public') {
// build search string, start with tags of current link
$search = $bookmark->getTagsString($tagsSeparator);
if (strlen(trim($bookmark->getDescription())) && strpos($bookmark->getDescription(), '#') !== false) {
// description given and at least one possible tag found
$descTags = [];
// find all tags in the form of #tag in the description
'/(?<![' . self::$HASHTAG_CHARS . '])#([' . self::$HASHTAG_CHARS . ']+?)\b/sm',
if (count($descTags[1])) {
// there were some tags in the description, add them to the search string
$search .= $tagsSeparator . tags_array2str($descTags[1], $tagsSeparator);
// match regular expression with search string
if (!preg_match($re, $search)) {
// this entry does _not_ match our regex
$filtered[$key] = $bookmark;
return $filtered;
* Return only bookmarks without any tag.
* @param string $visibility return only all/private/public bookmarks.
* @return Bookmark[] filtered bookmarks.
public function filterUntagged(string $visibility)
$filtered = [];
foreach ($this->bookmarks as $key => $bookmark) {
if (
['source' => 'untagged', 'visibility' => $visibility]
) {
if ($visibility !== 'all') {
if (!$bookmark->isPrivate() && $visibility === 'private') {
} elseif ($bookmark->isPrivate() && $visibility === 'public') {
if (empty($bookmark->getTags())) {
$filtered[$key] = $bookmark;
return $filtered;
* Convert a list of tags (str) to an array. Also
* - handle case sensitivity.
* - accepts spaces commas as separator.
* @param string $tags string containing a list of tags.
* @param bool $casesensitive will convert everything to lowercase if false.
* @return string[] filtered tags string.
public static function tagsStrToArray(string $tags, bool $casesensitive): array
// We use UTF-8 conversion to handle various graphemes (i.e. cyrillic, or greek)
$tagsOut = $casesensitive ? $tags : mb_convert_case($tags, MB_CASE_LOWER, 'UTF-8');
$tagsOut = str_replace(',', ' ', $tagsOut);
return preg_split('/\s+/', $tagsOut, -1, PREG_SPLIT_NO_EMPTY);
* generate a regex fragment out of a tag
* @param string $tag to generate regexs from. may start with '-'
* to negate, contain '*' as wildcard. Tags starting with '~' are
* treated separately as an 'OR' clause.
* @return string generated regex fragment
protected function tag2regex(string $tag): string
$tagsSeparator = $this->conf->get('general.tags_separator', ' ');
if (!$tag || $tag === "-" || $tag === "*" || $tag[0] === "~") {
// nothing to search, return empty regex
return '';
$negate = false;
if ($tag[0] === "+" && $tag[1]) {
$tag = substr($tag, 1); // use offset to start after '+' character
if ($tag[0] === "-") {
// query is negated
$tag = substr($tag, 1); // use offset to start after '-' character
$negate = true;
$term = $this->tag2matchterm($tag);
return $this->term2match($term, $negate);
* generate a regex match term fragment out of a tag
* @param string $tag to to generate regexs from. This function
* assumes any leading flags ('-', '~') have been stripped. The
* wildcard flag '*' is expanded by this function and any other
* regex characters are escaped.
* @return string generated regex match term fragment
protected function tag2matchterm(string $tag): string
$tagsSeparator = $this->conf->get('general.tags_separator', ' ');
$len = strlen($tag);
$term = '';
// iterate over string, separating it into placeholder and content
$i = 0; // start at first character
for (; $i < $len; $i++) {
if ($tag[$i] === '*') {
// placeholder found
$term .= '[^' . $tagsSeparator . ']*?';
} else {
// regular characters
$offset = strpos($tag, '*', $i);
if ($offset === false) {
// no placeholder found, set offset to end of string
$offset = $len;
// subtract one, as we want to get before the placeholder or end of string
$offset -= 1;
// we got a tag name that we want to search for. escape any regex characters to prevent conflicts.
$term .= preg_quote(substr($tag, $i, $offset - $i + 1), '/');
// move $i on
$i = $offset;
return $term;
* generate a regex fragment out of a match term
* @param string $term is the match term already generated by tag2matchterm
* @param bool $negate if true create a negative lookahead
* @return string generated regex fragment
protected function term2match(string $term, bool $negate): string
$tagsSeparator = $this->conf->get('general.tags_separator', ' ');
$regex = $negate ? '(?!' : '(?='; // use negative or positive lookahead
// before tag may only be the separator or the beginning
$regex .= '.*(?:^|' . $tagsSeparator . ')';
$regex .= $term;
// after the tag may only be the separator or the end
$regex .= '(?:$|' . $tagsSeparator . '))';
return $regex;
* This method finalize the content of the foundPositions array,
* by associated all search results to their associated bookmark field,
* making sure that there is no overlapping results, etc.
* @param array $fieldLengths Start and end positions of every bookmark fields in the aggregated bookmark content.
* @param array $foundPositions Positions where the search results were found in the aggregated content.
* @return array Updated $foundPositions, by bookmark field.
protected function postProcessFoundPositions(array $fieldLengths, array $foundPositions): array
// Sort results by starting position ASC.
usort($foundPositions, function (array $entryA, array $entryB): int {
return $entryA['start'] > $entryB['start'] ? 1 : -1;
$out = [];
$currentMax = -1;
foreach ($foundPositions as $foundPosition) {
// we do not allow overlapping highlights
if ($foundPosition['start'] < $currentMax) {
$currentMax = $foundPosition['end'];
foreach ($fieldLengths as $part => $length) {
if ($foundPosition['start'] < $length['start'] || $foundPosition['start'] > $length['end']) {
$out[$part][] = [
'start' => $foundPosition['start'] - $length['start'],
'end' => $foundPosition['end'] - $length['start'],
return $out;
* Concatenate link fields to search across fields. Adds a '\' separator for exact search terms.
* Also populate $length array with starting and ending positions of every bookmark field
* inside concatenated content.
* @param Bookmark $link
* @param array $lengths (by reference)
* @return string Lowercase concatenated fields content.
protected function buildFullTextSearchableLink(Bookmark $link, array &$lengths): string
$tagString = $link->getTagsString($this->conf->get('general.tags_separator', ' '));
$content = mb_convert_case($link->getTitle(), MB_CASE_LOWER, 'UTF-8') . '\\';
$content .= mb_convert_case($link->getDescription(), MB_CASE_LOWER, 'UTF-8') . '\\';
$content .= mb_convert_case($link->getUrl(), MB_CASE_LOWER, 'UTF-8') . '\\';
$content .= mb_convert_case($tagString, MB_CASE_LOWER, 'UTF-8') . '\\';
$lengths['title'] = ['start' => 0, 'end' => mb_strlen($link->getTitle())];
$nextField = $lengths['title']['end'] + 1;
$lengths['description'] = ['start' => $nextField, 'end' => $nextField + mb_strlen($link->getDescription())];
$nextField = $lengths['description']['end'] + 1;
$lengths['url'] = ['start' => $nextField, 'end' => $nextField + mb_strlen($link->getUrl())];
$nextField = $lengths['url']['end'] + 1;
$lengths['tags'] = ['start' => $nextField, 'end' => $nextField + mb_strlen($tagString)];
return $content;

View file

@ -1,177 +0,0 @@
namespace Shaarli\Bookmark;
use malkusch\lock\exception\LockAcquireException;
use malkusch\lock\mutex\Mutex;
use malkusch\lock\mutex\NoMutex;
use Shaarli\Bookmark\Exception\DatastoreNotInitializedException;
use Shaarli\Bookmark\Exception\EmptyDataStoreException;
use Shaarli\Bookmark\Exception\InvalidWritableDataException;
use Shaarli\Bookmark\Exception\NotEnoughSpaceException;
use Shaarli\Bookmark\Exception\NotWritableDataStoreException;
use Shaarli\Config\ConfigManager;
* Class BookmarkIO
* This class performs read/write operation to the file data store.
* Used by BookmarkFileService.
* @package Shaarli\Bookmark
class BookmarkIO
* @var string Datastore file path
protected $datastore;
* @var ConfigManager instance
protected $conf;
/** @var Mutex */
protected $mutex;
* string Datastore PHP prefix
protected static $phpPrefix = '<?php /* ';
* string Datastore PHP suffix
protected static $phpSuffix = ' */ ?>';
* LinksIO constructor.
* @param ConfigManager $conf instance
public function __construct(ConfigManager $conf, Mutex $mutex = null)
if ($mutex === null) {
// This should only happen with legacy classes
$mutex = new NoMutex();
$this->conf = $conf;
$this->datastore = $conf->get('resource.datastore');
$this->mutex = $mutex;
* Reads database from disk to memory
* @return Bookmark[]
* @throws NotWritableDataStoreException Data couldn't be loaded
* @throws EmptyDataStoreException Datastore file exists but does not contain any bookmark
* @throws DatastoreNotInitializedException File does not exists
public function read()
if (! file_exists($this->datastore)) {
throw new DatastoreNotInitializedException();
if (!is_writable($this->datastore)) {
throw new NotWritableDataStoreException($this->datastore);
$content = null;
$this->synchronized(function () use (&$content) {
$content = file_get_contents($this->datastore);
// Note that gzinflate is faster than gzuncompress.
// See:
$links = unserialize(gzinflate(base64_decode(
substr($content, strlen(self::$phpPrefix), -strlen(self::$phpSuffix))
if (empty($links)) {
if (filesize($this->datastore) > 100) {
throw new NotWritableDataStoreException($this->datastore);
throw new EmptyDataStoreException();
return $links;
* Saves the database from memory to disk
* @param Bookmark[] $links
* @throws NotWritableDataStoreException the datastore is not writable
* @throws InvalidWritableDataException
public function write($links)
if (is_file($this->datastore) && !is_writeable($this->datastore)) {
// The datastore exists but is not writeable
throw new NotWritableDataStoreException($this->datastore);
} elseif (!is_file($this->datastore) && !is_writeable(dirname($this->datastore))) {
// The datastore does not exist and its parent directory is not writeable
throw new NotWritableDataStoreException(dirname($this->datastore));
$data = base64_encode(gzdeflate(serialize($links)));
if (empty($data)) {
throw new InvalidWritableDataException();
$data = self::$phpPrefix . $data . self::$phpSuffix;
$this->synchronized(function () use ($data) {
if (!$this->checkDiskSpace($data)) {
throw new NotEnoughSpaceException();
* Wrapper applying mutex to provided function.
* If the lock can't be acquired (e.g. some shared hosting provider), we execute the function without mutex.
* @see
* @param callable $function
protected function synchronized(callable $function): void
try {
} catch (LockAcquireException $exception) {
* Make sure that there is enough disk space available to save the current data store.
* We add an arbitrary margin of 500kB.
* @param string $data to be saved
* @return bool True if data can safely be saved
public function checkDiskSpace(string $data): bool
if (function_exists('disk_free_space') === false) {
return true;
return disk_free_space(dirname($this->datastore)) > (strlen($data) + 1024 * 500);

View file

@ -1,115 +0,0 @@
namespace Shaarli\Bookmark;
* Class BookmarkInitializer
* This class is used to initialized default bookmarks after a fresh install of Shaarli.
* It should be only called if the datastore file does not exist(users might want to delete the default bookmarks).
* To prevent data corruption, it does not overwrite existing bookmarks,
* even though there should not be any.
* We disable this because otherwise it creates indentation issues, and heredoc is not supported by PHP gettext.
* @phpcs:disable Generic.Files.LineLength.TooLong
* @package Shaarli\Bookmark
class BookmarkInitializer
/** @var BookmarkServiceInterface */
protected $bookmarkService;
* BookmarkInitializer constructor.
* @param BookmarkServiceInterface $bookmarkService
public function __construct(BookmarkServiceInterface $bookmarkService)
$this->bookmarkService = $bookmarkService;
* Initialize the data store with default bookmarks
public function initialize(): void
$bookmark = new Bookmark();
$bookmark->setTitle('Calm Jazz Music - YouTube ' . t('(private bookmark with thumbnail demo)'));
'Shaarli will automatically pick up the thumbnail for links to a variety of websites.
Explore your new Shaarli instance by trying out controls and menus.
Visit the project on [Github]( or [the documentation]( to learn more about Shaarli.
Now you can edit or delete the default shaares.
$bookmark->setTagsString('shaarli help thumbnail');
$this->bookmarkService->add($bookmark, false);
$bookmark = new Bookmark();
$bookmark->setTitle(t('Note: Shaare descriptions'));
'Adding a shaare without entering a URL creates a text-only "note" post such as this one.
This note is private, so you are the only one able to see it while logged in.
You can use this to keep notes, post articles, code snippets, and much more.
The Markdown formatting setting allows you to format your notes and bookmark description:
### Title headings
#### Multiple headings levels
* bullet lists
* _italic_ text
* **bold** text
* ~~strike through~~ text
* `code` blocks
* images
* [links](
Markdown also supports tables:
| Name | Type | Color | Qty |
| ------- | --------- | ------ | ----- |
| Orange | Fruit | Orange | 126 |
| Apple | Fruit | Any | 62 |
| Lemon | Fruit | Yellow | 30 |
| Carrot | Vegetable | Red | 14 |
$bookmark->setTagsString('shaarli help');
$this->bookmarkService->add($bookmark, false);
$bookmark = new Bookmark();
'Shaarli - ' . t('The personal, minimalist, super fast, database-free, bookmarking service')
'Welcome to Shaarli!
Shaarli allows you to bookmark your favorite pages, and share them with others or store them privately.
You can add a description to your bookmarks, such as this one, and tag them.
Create a new shaare by clicking the `+Shaare` button, or using any of the recommended tools (browser extension, mobile app, bookmarklet, REST API, etc.).
You can easily retrieve your links, even with thousands of them, using the internal search engine, or search through tags (e.g. this Shaare is tagged with `shaarli` and `help`).
Hashtags such as #shaarli #help are also supported.
You can also filter the available [RSS feed](/feed/atom) and picture wall by tag or plaintext search.
We hope that you will enjoy using Shaarli, maintained with ❤️ by the community!
Feel free to open [an issue]( if you have a suggestion or encounter an issue.
$bookmark->setTagsString('shaarli help');
$this->bookmarkService->add($bookmark, false);

View file

@ -1,189 +0,0 @@
namespace Shaarli\Bookmark;
use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
use Shaarli\Bookmark\Exception\NotWritableDataStoreException;
* Class BookmarksService
* This is the entry point to manipulate the bookmark DB.
* Regarding return types of a list of bookmarks, it can either be an array or an ArrayAccess implementation,
* so until PHP 8.0 is the minimal supported version with union return types it cannot be explicitly added.
interface BookmarkServiceInterface
* Find a bookmark by hash
* @param string $hash Bookmark's hash
* @param string|null $privateKey Optional key used to access private links while logged out
* @return Bookmark
* @throws \Exception
public function findByHash(string $hash, string $privateKey = null);
* @param $url
* @return Bookmark|null
public function findByUrl(string $url): ?Bookmark;
* Search bookmarks
* @param array $request
* @param ?string $visibility
* @param bool $caseSensitive
* @param bool $untaggedOnly
* @param bool $ignoreSticky
* @param array $pagination This array can contain the following keys for pagination: limit, offset.
* @return SearchResult
public function search(
array $request = [],
string $visibility = null,
bool $caseSensitive = false,
bool $untaggedOnly = false,
bool $ignoreSticky = false,
array $pagination = []
): SearchResult;
* Get a single bookmark by its ID.
* @param int $id Bookmark ID
* @param ?string $visibility all|public|private e.g. with public, accessing a private bookmark will throw an
* exception
* @return Bookmark
* @throws BookmarkNotFoundException
* @throws \Exception
public function get(int $id, string $visibility = null);
* Updates an existing bookmark (depending on its ID).
* @param Bookmark $bookmark
* @param bool $save Writes to the datastore if set to true
* @return Bookmark Updated bookmark
* @throws BookmarkNotFoundException
* @throws \Exception
public function set(Bookmark $bookmark, bool $save = true): Bookmark;
* Adds a new bookmark (the ID must be empty).
* @param Bookmark $bookmark
* @param bool $save Writes to the datastore if set to true
* @return Bookmark new bookmark
* @throws \Exception
public function add(Bookmark $bookmark, bool $save = true): Bookmark;
* Adds or updates a bookmark depending on its ID:
* - a Bookmark without ID will be added
* - a Bookmark with an existing ID will be updated
* @param Bookmark $bookmark
* @param bool $save
* @return Bookmark
* @throws \Exception
public function addOrSet(Bookmark $bookmark, bool $save = true): Bookmark;
* Deletes a bookmark.
* @param Bookmark $bookmark
* @param bool $save
* @throws \Exception
public function remove(Bookmark $bookmark, bool $save = true): void;
* Get a single bookmark by its ID.
* @param int $id Bookmark ID
* @param ?string $visibility all|public|private e.g. with public, accessing a private bookmark will throw an
* exception
* @return bool
public function exists(int $id, string $visibility = null): bool;
* Return the number of available bookmarks for given visibility.
* @param ?string $visibility public|private|all
* @return int Number of bookmarks
public function count(string $visibility = null): int;
* Write the datastore.
* @throws NotWritableDataStoreException
public function save(): void;
* Returns the list tags appearing in the bookmarks with the given tags
* @param array|null $filteringTags tags selecting the bookmarks to consider
* @param string|null $visibility process only all/private/public bookmarks
* @return array tag => bookmarksCount
public function bookmarksCountPerTag(array $filteringTags = [], ?string $visibility = null): array;
* Return a list of bookmark matching provided period of time.
* It also update directly previous and next date outside of given period found in the datastore.
* @param \DateTimeInterface $from Starting date.
* @param \DateTimeInterface $to Ending date.
* @param \DateTimeInterface|null $previous (by reference) updated with first created date found before $from.
* @param \DateTimeInterface|null $next (by reference) updated with first created date found after $to.
* @return array List of bookmarks matching provided period of time.
public function findByDate(
\DateTimeInterface $from,
\DateTimeInterface $to,
?\DateTimeInterface &$previous,
?\DateTimeInterface &$next
): array;
* Returns the latest bookmark by creation date.
* @return Bookmark|null Found Bookmark or null if the datastore is empty.
public function getLatest(): ?Bookmark;
* Creates the default database after a fresh install.
public function initialize(): void;

View file

@ -1,253 +0,0 @@
use Shaarli\Bookmark\Bookmark;
use Shaarli\Formatter\BookmarkDefaultFormatter;
* Extract title from an HTML document.
* @param string $html HTML content where to look for a title.
* @return bool|string Extracted title if found, false otherwise.
function html_extract_title($html)
if (preg_match('!<title.*?>(.*?)</title>!is', $html, $matches)) {
return trim(str_replace("\n", '', $matches[1]));
return false;
* Extract charset from HTTP header if it's defined.
* @param string $header HTTP header Content-Type line.
* @return bool|string Charset string if found (lowercase), false otherwise.
function header_extract_charset($header)
preg_match('/charset=["\']?([^; "\']+)/i', $header, $match);
if (! empty($match[1])) {
return strtolower(trim($match[1]));
return false;
* Extract charset HTML content (tag <meta charset>).
* @param string $html HTML content where to look for charset.
* @return bool|string Charset string if found, false otherwise.
function html_extract_charset($html)
// Get encoding specified in HTML header.
preg_match('#<meta .*charset=["\']?([^";\'>/]+)["\']? */?>#Usi', $html, $enc);
if (!empty($enc[1])) {
return strtolower($enc[1]);
return false;
* Extract meta tag from HTML content in either:
* - OpenGraph: <meta property="og:[tag]" ...>
* - Meta tag: <meta name="[tag]" ...>
* @param string $tag Name of the tag to retrieve.
* @param string $html HTML content where to look for charset.
* @return bool|string Charset string if found, false otherwise.
function html_extract_tag($tag, $html)
$propertiesKey = ['property', 'name', 'itemprop'];
$properties = implode('|', $propertiesKey);
// We need a OR here to accept either 'property=og:noquote' or 'property="og:unrelated og:my-tag"'
$orCondition = '["\']?(?:og:)?' . $tag . '["\']?|["\'][^\'"]*?(?:og:)?' . $tag . '[^\'"]*?[\'"]';
// Support quotes in double quoted content, and the other way around
$content = 'content=(["\'])((?:(?!\1).)*)\1';
// Try to retrieve OpenGraph tag.
$ogRegex = '#<meta[^>]+(?:' . $properties . ')=(?:' . $orCondition . ')[^>]*' . $content . '.*?>#';
// If the attributes are not in the order property => content (e.g. Github)
// New regex to keep this readable... more or less.
$ogRegexReverse = '#<meta[^>]+' . $content . '[^>]+(?:' . $properties . ')=(?:' . $orCondition . ').*?>#';
if (
preg_match($ogRegex, $html, $matches) > 0
|| preg_match($ogRegexReverse, $html, $matches) > 0
) {
return $matches[2];
return false;
* In a string, converts URLs to clickable bookmarks.
* @param string $text input string.
* @return string returns $text with all bookmarks converted to HTML bookmarks.
* @see Function inspired from
function text2clickable($text)
$regex = '!(((?:https?|ftp|file)://|apt:|magnet:)\S+[a-z0-9\(\)]/?)!si';
$format = function (array $match): string {
return '<a href="' .
str_replace(BookmarkDefaultFormatter::SEARCH_HIGHLIGHT_CLOSE, '', $match[1])
) .
'">' . $match[1] . '</a>'
return preg_replace_callback($regex, $format, $text);
* Auto-link hashtags.
* @param string $description Given description.
* @param string $indexUrl Root URL.
* @return string Description with auto-linked hashtags.
function hashtag_autolink($description, $indexUrl = '')
$tokens = '(?:' . BookmarkDefaultFormatter::SEARCH_HIGHLIGHT_OPEN . ')' .
'(?:' . BookmarkDefaultFormatter::SEARCH_HIGHLIGHT_CLOSE . ')'
* To support unicode:
* \p{Pc} - to match underscore
* \p{N} - numeric character in any script
* \p{L} - letter from any language
* \p{Mn} - any non marking space (accents, umlauts, etc)
$regex = '/(^|\s)#([\p{Pc}\p{N}\p{L}\p{Mn}' . $tokens . ']+)/mui';
$format = function (array $match) use ($indexUrl): string {
$cleanMatch = str_replace(
str_replace(BookmarkDefaultFormatter::SEARCH_HIGHLIGHT_CLOSE, '', $match[2])
return $match[1] . '<a href="' . $indexUrl . './add-tag/' . $cleanMatch . '"' .
' title="Hashtag ' . $cleanMatch . '">' .
'#' . $match[2] .
return preg_replace_callback($regex, $format, $description);
* This function inserts &nbsp; where relevant so that multiple spaces are properly displayed in HTML
* even in the absence of <pre> (This is used in description to keep text formatting).
* @param string $text input text.
* @return string formatted text.
function space2nbsp($text)
return preg_replace('/(^| ) /m', '$1&nbsp;', $text);
* Format Shaarli's description
* @param string $description shaare's description.
* @param string $indexUrl URL to Shaarli's index.
* @param bool $autolink Turn on/off automatic linkifications of URLs and hashtags
* @return string formatted description.
function format_description($description, $indexUrl = '', $autolink = true)
if ($autolink) {
$description = hashtag_autolink(text2clickable($description), $indexUrl);
return nl2br(space2nbsp($description));
* Generate a small hash for a link.
* @param DateTime $date Link creation date.
* @param int $id Link ID.
* @return string the small hash generated from link data.
function link_small_hash($date, $id)
return smallHash($date->format(Bookmark::LINK_DATE_FORMAT) . $id);
* Returns whether or not the link is an internal note.
* Its URL starts by `?` because it's actually a permalink.
* @param string $linkUrl
* @return bool true if internal note, false otherwise.
function is_note($linkUrl)
return isset($linkUrl[0]) && $linkUrl[0] === '?';
* Extract an array of tags from a given tag string, with provided separator.
* @param string|null $tags String containing a list of tags separated by $separator.
* @param string $separator Shaarli's default: ' ' (whitespace)
* @return array List of tags
function tags_str2array(?string $tags, string $separator): array
// For whitespaces, we use the special \s regex character
$separator = str_replace([' ', '/'], ['\s', '\/'], $separator);
return preg_split('/\s*' . $separator . '+\s*/', trim($tags ?? ''), -1, PREG_SPLIT_NO_EMPTY) ?: [];
* Return a tag string with provided separator from a list of tags.
* Note that given array is clean up by tags_filter().
* @param array|null $tags List of tags
* @param string $separator
* @return string
function tags_array2str(?array $tags, string $separator): string
return implode($separator, tags_filter($tags, $separator));
* Clean an array of tags: trim + remove empty entries
* @param array|null $tags List of tags
* @param string $separator
* @return array
function tags_filter(?array $tags, string $separator): array
$trimDefault = " \t\n\r\0\x0B";
return array_values(array_filter(array_map(function (string $entry) use ($separator, $trimDefault): string {
return trim($entry, $trimDefault . $separator);
}, $tags ?? [])));

namespace Shaarli\Bookmark;
* Read-only class used to represent search result, including pagination.
class SearchResult
/** @var Bookmark[] List of result bookmarks with pagination applied */
protected $bookmarks;
/** @var int number of Bookmarks found, with pagination applied */
protected $resultCount;
/** @var int total number of result found */
protected $totalCount;
/** @var int pagination: limit number of result bookmarks */
protected $limit;
/** @var int pagination: offset to apply to complete result list */
protected $offset;
public function __construct(array $bookmarks, int $totalCount, int $offset, ?int $limit)
$this->bookmarks = $bookmarks;
$this->resultCount = count($bookmarks);
$this->totalCount = $totalCount;
$this->limit = $limit;
$this->offset = $offset;
* Build a SearchResult from provided full result set and pagination settings.
* @param Bookmark[] $bookmarks Full set of result which will be filtered
* @param int $offset Start recording results from $offset
* @param int|null $limit End recording results after $limit bookmarks is reached
* @param bool $allowOutOfBounds Set to false to display the last page if the offset is out of bound,
* return empty result set otherwise (default: false)
* @return SearchResult
public static function getSearchResult(
int $offset = 0,
?int $limit = null,
bool $allowOutOfBounds = false
): self {
$totalCount = count($bookmarks);
if (!$allowOutOfBounds && $offset > $totalCount) {
$offset = $limit === null ? 0 : $limit * -1;
if ($bookmarks instanceof BookmarkArray) {
$buffer = [];
foreach ($bookmarks as $key => $value) {
$buffer[$key] = $value;
$bookmarks = $buffer;
return new static(
array_slice($bookmarks, $offset, $limit, true),
/** @return Bookmark[] List of result bookmarks with pagination applied */
public function getBookmarks(): array
return $this->bookmarks;
/** @return int number of Bookmarks found, with pagination applied */
public function getResultCount(): int
return $this->resultCount;
/** @return int total number of result found */
public function getTotalCount(): int
return $this->totalCount;
/** @return int pagination: limit number of result bookmarks */
public function getLimit(): ?int
return $this->limit;
/** @return int pagination: offset to apply to complete result list */
public function getOffset(): int
return $this->offset;
/** @return int Current page of result set in complete results */
public function getPage(): int
if (empty($this->limit)) {
return $this->offset === 0 ? 1 : 2;
$base = $this->offset >= 0 ? $this->offset : $this->totalCount + $this->offset;
return (int) ceil($base / $this->limit) + 1;
/** @return int Get the # of the last page */
public function getLastPage(): int
if (empty($this->limit)) {
return $this->offset === 0 ? 1 : 2;
return (int) ceil($this->totalCount / $this->limit);
/** @return bool Either the current page is the last one or not */
public function isLastPage(): bool
return $this->getPage() === $this->getLastPage();
/** @return bool Either the current page is the first one or not */
public function isFirstPage(): bool
return $this->offset === 0;

namespace Shaarli\Bookmark\Exception;
use Exception;
class BookmarkNotFoundException extends Exception
* LinkNotFoundException constructor.
public function __construct()
$this->message = t('The link you are trying to reach does not exist or has been deleted.');

namespace Shaarli\Bookmark\Exception;
class DatastoreNotInitializedException extends \Exception

View file

@ -1,7 +0,0 @@
namespace Shaarli\Bookmark\Exception;
class EmptyDataStoreException extends \Exception

namespace Shaarli\Bookmark\Exception;
use Shaarli\Bookmark\Bookmark;
class InvalidBookmarkException extends \Exception
public function __construct($bookmark)
if ($bookmark instanceof Bookmark) {
if ($bookmark->getCreated() instanceof \DateTime) {
$created = $bookmark->getCreated()->format(\DateTime::ATOM);
} elseif (empty($bookmark->getCreated())) {
$created = '';
} else {
$created = 'Not a DateTime object';
$this->message = 'This bookmark is not valid' . PHP_EOL;
$this->message .= ' - ID: ' . $bookmark->getId() . PHP_EOL;
$this->message .= ' - Title: ' . $bookmark->getTitle() . PHP_EOL;
$this->message .= ' - Url: ' . $bookmark->getUrl() . PHP_EOL;
$this->message .= ' - ShortUrl: ' . $bookmark->getShortUrl() . PHP_EOL;
$this->message .= ' - Created: ' . $created . PHP_EOL;
} else {
$this->message = 'The provided data is not a bookmark' . PHP_EOL;
$this->message .= var_export($bookmark, true);

namespace Shaarli\Bookmark\Exception;
class InvalidWritableDataException extends \Exception
* InvalidWritableDataException constructor.
public function __construct()
$this->message = 'Couldn\'t generate bookmark data to store in the datastore. Skipping file writing.';

namespace Shaarli\Bookmark\Exception;
class NotEnoughSpaceException extends \Exception
* NotEnoughSpaceException constructor.
public function __construct()
$this->message = 'Not enough available disk space to save the datastore.';

namespace Shaarli\Bookmark\Exception;
class NotWritableDataStoreException extends \Exception
* NotReadableDataStore constructor.
* @param string $dataStore file path
public function __construct($dataStore)
$this->message = 'Couldn\'t load data from the data store file "' . $dataStore . '". ' .
'Your data might be corrupted, or your file isn\'t readable.';

namespace Shaarli\Config;
* Interface ConfigIO
* This describes how Config types should store their configuration.
interface ConfigIO
* Read configuration.
* @param string $filepath Config file absolute path.
* @return array All configuration in an array.
public function read($filepath);
* Write configuration.
* @param string $filepath Config file absolute path.
* @param array $conf All configuration in an array.
public function write($filepath, $conf);
* Get config file extension according to config type.
* @return string Config file extension.
public function getExtension();

namespace Shaarli\Config;
* Class ConfigJson (ConfigIO implementation)
* Handle Shaarli's JSON configuration file.
class ConfigJson implements ConfigIO
* @inheritdoc
public function read($filepath)
if (! is_readable($filepath)) {
return array();
$data = file_get_contents($filepath);
$data = str_replace(self::getPhpHeaders(), '', $data);
$data = str_replace(self::getPhpSuffix(), '', $data);
$data = json_decode(trim($data), true);
if ($data === null) {
$errorCode = json_last_error();
$error = sprintf(
'An error occurred while parsing JSON configuration file (%s): error code #%d',
$error .= '<br>➜ <code>' . json_last_error_msg() .'</code>';
if ($errorCode === JSON_ERROR_SYNTAX) {
$error .= '<br>';
$error .= 'Please check your JSON syntax (without PHP comment tags) using a JSON lint tool such as ';
$error .= '<a href=""></a>.';
throw new \Exception($error);
return $data;
* @inheritdoc
public function write($filepath, $conf)
// JSON_PRETTY_PRINT is available from PHP 5.4.
$print = defined('JSON_PRETTY_PRINT') ? JSON_PRETTY_PRINT : 0;
$data = self::getPhpHeaders() . json_encode($conf, $print) . self::getPhpSuffix();
if (empty($filepath) || !file_put_contents($filepath, $data)) {
throw new \Shaarli\Exceptions\IOException(
t('Shaarli could not create the config file. '.
'Please make sure Shaarli has the right to write in the folder is it installed in.')
* @inheritdoc
public function getExtension()
return '.json.php';
* The JSON data is wrapped in a PHP file for security purpose.
* This way, even if the file is accessible, credentials and configuration won't be exposed.
* Note: this isn't a static field because concatenation isn't supported in field declaration before PHP 5.6.
* @return string PHP start tag and comment tag.
public static function getPhpHeaders()
return '<?php /*';
* Get PHP comment closing tags.
* Static method for consistency with getPhpHeaders.
* @return string PHP comment closing.
public static function getPhpSuffix()
return '*/ ?>';

namespace Shaarli\Config;
use Shaarli\Config\Exception\MissingFieldConfigException;
use Shaarli\Config\Exception\UnauthorizedConfigException;
use Shaarli\Thumbnailer;
* Class ConfigManager
* Manages all Shaarli's settings.
* See the documentation for more information on settings:
* - doc/md/
* -
class ConfigManager
* @var string Flag telling a setting is not found.
protected static $NOT_FOUND = 'NOT_FOUND';
public static $DEFAULT_PLUGINS = ['qrcode'];
* @var string Config folder.
protected $configFile;
* @var array Loaded config array.
protected $loadedConfig;
* @var ConfigIO implementation instance.
protected $configIO;
* Constructor.
* @param string $configFile Configuration file path without extension.
public function __construct($configFile = 'data/config')
$this->configFile = $configFile;
* Reset the ConfigManager instance.
public function reset()
* Rebuild the loaded config array from config files.
public function reload()
* Initialize the ConfigIO and loaded the conf.
protected function initialize()
if (file_exists($this->configFile . '.php')) {
$this->configIO = new ConfigPhp();
} else {
$this->configIO = new ConfigJson();
* Load configuration in the ConfigurationManager.
protected function load()
try {
$this->loadedConfig = $this->configIO->read($this->getConfigFileExt());
} catch (\Exception $e) {
* Get a setting.
* Supports nested settings with dot separated keys.
* Eg. 'config.stuff.option' will find $conf[config][stuff][option],
* or in JSON:
* { "config": { "stuff": {"option": "mysetting" } } } }
* @param string $setting Asked setting, keys separated with dots.
* @param string $default Default value if not found.
* @return mixed Found setting, or the default value.
public function get($setting, $default = '')
// During the ConfigIO transition, map legacy settings to the new ones.
if ($this->configIO instanceof ConfigPhp && isset(ConfigPhp::$LEGACY_KEYS_MAPPING[$setting])) {
$setting = ConfigPhp::$LEGACY_KEYS_MAPPING[$setting];
$settings = explode('.', $setting);
$value = self::getConfig($settings, $this->loadedConfig);
if ($value === self::$NOT_FOUND) {
return $default;
return $value;
* Set a setting, and eventually write it.
* Supports nested settings with dot separated keys.
* @param string $setting Asked setting, keys separated with dots.
* @param mixed $value Value to set.
* @param bool $write Write the new setting in the config file, default false.
* @param bool $isLoggedIn User login state, default false.
* @throws \Exception Invalid
public function set($setting, $value, $write = false, $isLoggedIn = false)
if (empty($setting) || ! is_string($setting)) {
throw new \Exception(t('Invalid setting key parameter. String expected, got: ') . gettype($setting));
// During the ConfigIO transition, map legacy settings to the new ones.
if ($this->configIO instanceof ConfigPhp && isset(ConfigPhp::$LEGACY_KEYS_MAPPING[$setting])) {
$setting = ConfigPhp::$LEGACY_KEYS_MAPPING[$setting];
$settings = explode('.', $setting);
self::setConfig($settings, $value, $this->loadedConfig);
if ($write) {
* Remove a config element from the config file.
* @param string $setting Asked setting, keys separated with dots.
* @param bool $write Write the new setting in the config file, default false.
* @param bool $isLoggedIn User login state, default false.
* @throws \Exception Invalid
public function remove($setting, $write = false, $isLoggedIn = false)
if (empty($setting) || ! is_string($setting)) {
throw new \Exception(t('Invalid setting key parameter. String expected, got: ') . gettype($setting));
// During the ConfigIO transition, map legacy settings to the new ones.
if ($this->configIO instanceof ConfigPhp && isset(ConfigPhp::$LEGACY_KEYS_MAPPING[$setting])) {
$setting = ConfigPhp::$LEGACY_KEYS_MAPPING[$setting];
$settings = explode('.', $setting);
self::removeConfig($settings, $this->loadedConfig);
if ($write) {
* Check if a settings exists.
* Supports nested settings with dot separated keys.
* @param string $setting Asked setting, keys separated with dots.
* @return bool true if the setting exists, false otherwise.
public function exists($setting)
// During the ConfigIO transition, map legacy settings to the new ones.
if ($this->configIO instanceof ConfigPhp && isset(ConfigPhp::$LEGACY_KEYS_MAPPING[$setting])) {
$setting = ConfigPhp::$LEGACY_KEYS_MAPPING[$setting];
$settings = explode('.', $setting);
$value = self::getConfig($settings, $this->loadedConfig);
if ($value === self::$NOT_FOUND) {
return false;
return true;
* Call the config writer.
* @param bool $isLoggedIn User login state.
* @return bool True if the configuration has been successfully written, false otherwise.
* @throws MissingFieldConfigException: a mandatory field has not been provided in $conf.
* @throws UnauthorizedConfigException: user is not authorize to change configuration.
* @throws \Shaarli\Exceptions\IOException: an error occurred while writing the new config file.
public function write($isLoggedIn)
// These fields are required in configuration.
$mandatoryFields = [
// Only logged in user can alter config.
if (is_file($this->getConfigFileExt()) && !$isLoggedIn) {
throw new UnauthorizedConfigException();
// Check that all mandatory fields are provided in $conf.
foreach ($mandatoryFields as $field) {
if (! $this->exists($field)) {
throw new MissingFieldConfigException($field);
return $this->configIO->write($this->getConfigFileExt(), $this->loadedConfig);
* Set the config file path (without extension).
* @param string $configFile File path.
public function setConfigFile($configFile)
$this->configFile = $configFile;
* Return the configuration file path (without extension).
* @return string Config path.
public function getConfigFile()
return $this->configFile;
* Get the configuration file path with its extension.
* @return string Config file path.
public function getConfigFileExt()
return $this->configFile . $this->configIO->getExtension();
* Recursive function which find asked setting in the loaded config.
* @param array $settings Ordered array which contains keys to find.
* @param array $conf Loaded settings, then sub-array.
* @return mixed Found setting or NOT_FOUND flag.
protected static function getConfig($settings, $conf)
if (!is_array($settings) || count($settings) == 0) {
return self::$NOT_FOUND;
$setting = array_shift($settings);
if (!isset($conf[$setting])) {
return self::$NOT_FOUND;
if (count($settings) > 0) {
return self::getConfig($settings, $conf[$setting]);
return $conf[$setting];
* Recursive function which find asked setting in the loaded config.
* @param array $settings Ordered array which contains keys to find.
* @param mixed $value
* @param array $conf Loaded settings, then sub-array.
* @return mixed Found setting or NOT_FOUND flag.
protected static function setConfig($settings, $value, &$conf)
if (!is_array($settings) || count($settings) == 0) {
return self::$NOT_FOUND;
$setting = array_shift($settings);
if (count($settings) > 0) {
return self::setConfig($settings, $value, $conf[$setting]);
$conf[$setting] = $value;
* Recursive function which find asked setting in the loaded config and deletes it.
* @param array $settings Ordered array which contains keys to find.
* @param array $conf Loaded settings, then sub-array.
* @return mixed Found setting or NOT_FOUND flag.
protected static function removeConfig($settings, &$conf)
if (!is_array($settings) || count($settings) == 0) {
return self::$NOT_FOUND;
$setting = array_shift($settings);
if (count($settings) > 0) {
return self::removeConfig($settings, $conf[$setting]);
* Set a bunch of default values allowing Shaarli to start without a config file.
protected function setDefaultValues()
$this->setEmpty('resource.data_dir', 'data');
$this->setEmpty('resource.config', 'data/config.php');
$this->setEmpty('resource.datastore', 'data/datastore.php');
$this->setEmpty('resource.ban_file', 'data/ipbans.php');
$this->setEmpty('resource.updates', 'data/updates.txt');
$this->setEmpty('resource.log', 'data/log.txt');
$this->setEmpty('resource.update_check', 'data/lastupdatecheck.txt');
$this->setEmpty('resource.history', 'data/history.php');
$this->setEmpty('resource.raintpl_tpl', 'tpl/');
$this->setEmpty('resource.theme', 'default');
$this->setEmpty('resource.raintpl_tmp', 'tmp/');
$this->setEmpty('resource.thumbnails_cache', 'cache');
$this->setEmpty('resource.page_cache', 'pagecache');
$this->setEmpty('security.ban_after', 4);
$this->setEmpty('security.ban_duration', 1800);
$this->setEmpty('security.session_protection_disabled', false);
$this->setEmpty('security.open_shaarli', false);
$this->setEmpty('security.allowed_protocols', ['ftp', 'ftps', 'magnet']);
$this->setEmpty('general.header_link', '/');
$this->setEmpty('general.links_per_page', 20);
$this->setEmpty('general.enabled_plugins', self::$DEFAULT_PLUGINS);
$this->setEmpty('general.default_note_title', 'Note: ');
$this->setEmpty('general.retrieve_description', true);
$this->setEmpty('general.enable_async_metadata', true);
$this->setEmpty('general.tags_separator', ' ');
$this->setEmpty('updates.check_updates', true);
$this->setEmpty('updates.check_updates_branch', 'latest');
$this->setEmpty('updates.check_updates_interval', 86400);
$this->setEmpty('feed.rss_permalinks', true);
$this->setEmpty('feed.show_atom', true);
$this->setEmpty('privacy.default_private_links', false);
$this->setEmpty('privacy.hide_public_links', false);
$this->setEmpty('privacy.force_login', false);
$this->setEmpty('privacy.hide_timestamps', false);
// default state of the 'remember me' checkbox of the login form
$this->setEmpty('privacy.remember_user_default', true);
$this->setEmpty('thumbnails.mode', Thumbnailer::MODE_ALL);
$this->setEmpty('thumbnails.width', '125');
$this->setEmpty('thumbnails.height', '90');
$this->setEmpty('translation.language', 'auto');
$this->setEmpty('translation.mode', 'php');
$this->setEmpty('translation.extensions', []);
$this->setEmpty('plugins', []);
$this->setEmpty('formatter', 'markdown');
* Set only if the setting does not exists.
* @param string $key Setting key.
* @param mixed $value Setting value.
public function setEmpty($key, $value)
if (! $this->exists($key)) {
$this->set($key, $value);
* @return ConfigIO
public function getConfigIO()
return $this->configIO;
* @param ConfigIO $configIO
public function setConfigIO($configIO)
$this->configIO = $configIO;

namespace Shaarli\Config;
* Class ConfigPhp (ConfigIO implementation)
* Handle Shaarli's legacy PHP configuration file.
* Note: this is only designed to support the transition to JSON configuration.
class ConfigPhp implements ConfigIO
* @var array List of config key without group.
public static $ROOT_KEYS = [
* Map legacy config keys with the new ones.
* If ConfigPhp is used, getting <newkey> will actually look for <legacykey>.
* The updater will use this array to transform keys when switching to JSON.
* @var array current key => legacy key.
public static $LEGACY_KEYS_MAPPING = [
'credentials.login' => 'login',
'credentials.hash' => 'hash',
'credentials.salt' => 'salt',
'resource.data_dir' => 'config.DATADIR',
'resource.config' => 'config.CONFIG_FILE',
'resource.datastore' => 'config.DATASTORE',
'resource.updates' => 'config.UPDATES_FILE',
'resource.log' => 'config.LOG_FILE',
'resource.update_check' => 'config.UPDATECHECK_FILENAME',
'resource.raintpl_tpl' => 'config.RAINTPL_TPL',
'resource.theme' => 'config.theme',
'resource.raintpl_tmp' => 'config.RAINTPL_TMP',
'resource.thumbnails_cache' => 'config.CACHEDIR',
'resource.page_cache' => 'config.PAGECACHE',
'resource.ban_file' => 'config.IPBANS_FILENAME',
'security.session_protection_disabled' => 'disablesessionprotection',
'security.ban_after' => 'config.BAN_AFTER',
'security.ban_duration' => 'config.BAN_DURATION',
'general.title' => 'title',
'general.timezone' => 'timezone',
'general.header_link' => 'titleLink',
'updates.check_updates' => 'config.ENABLE_UPDATECHECK',
'updates.check_updates_branch' => 'config.UPDATECHECK_BRANCH',
'updates.check_updates_interval' => 'config.UPDATECHECK_INTERVAL',
'privacy.default_private_links' => 'privateLinkByDefault',
'feed.rss_permalinks' => 'config.ENABLE_RSS_PERMALINKS',
'general.links_per_page' => 'config.LINKS_PER_PAGE',
'thumbnail.enable_thumbnails' => 'config.ENABLE_THUMBNAILS',
'thumbnail.enable_localcache' => 'config.ENABLE_LOCALCACHE',
'general.enabled_plugins' => 'config.ENABLED_PLUGINS',
'redirector.url' => 'redirector',
'redirector.encode_url' => 'config.REDIRECTOR_URLENCODE',
'feed.show_atom' => 'config.SHOW_ATOM',
'privacy.hide_public_links' => 'config.HIDE_PUBLIC_LINKS',
'privacy.hide_timestamps' => 'config.HIDE_TIMESTAMPS',
'security.open_shaarli' => 'config.OPEN_SHAARLI',
* @inheritdoc
public function read($filepath)
if (! file_exists($filepath) || ! is_readable($filepath)) {
return [];
include $filepath;
$out = [];
foreach (self::$ROOT_KEYS as $key) {
$out[$key] = isset($GLOBALS[$key]) ? $GLOBALS[$key] : '';
$out['config'] = isset($GLOBALS['config']) ? $GLOBALS['config'] : [];
$out['plugins'] = isset($GLOBALS['plugins']) ? $GLOBALS['plugins'] : [];
return $out;
* @inheritdoc
public function write($filepath, $conf)
$configStr = '<?php ' . PHP_EOL;
foreach (self::$ROOT_KEYS as $key) {
if (isset($conf[$key])) {
$configStr .= '$GLOBALS[\'' . $key . '\'] = ' . var_export($conf[$key], true) . ';' . PHP_EOL;
// Store all $conf['config']
foreach ($conf['config'] as $key => $value) {
$configStr .= '$GLOBALS[\'config\'][\''
. $key
. '\'] = '
. var_export($conf['config'][$key], true) . ';'
if (isset($conf['plugins'])) {
foreach ($conf['plugins'] as $key => $value) {
$configStr .= '$GLOBALS[\'plugins\'][\''
. $key
. '\'] = '
. var_export($conf['plugins'][$key], true) . ';'
if (
!file_put_contents($filepath, $configStr)
|| strcmp(file_get_contents($filepath), $configStr) != 0
) {
throw new \Shaarli\Exceptions\IOException(
t('Shaarli could not create the config file. ' .
'Please make sure Shaarli has the right to write in the folder is it installed in.')
* @inheritdoc
public function getExtension()
return '.php';

use Shaarli\Config\Exception\PluginConfigOrderException;
use Shaarli\Plugin\PluginManager;
* Plugin configuration helper functions.
* Note: no access to configuration files here.
* Process plugin administration form data and save it in an array.
* @param array $formData Data sent by the plugin admin form.
* @return array New list of enabled plugin, ordered.
* @throws PluginConfigOrderException Plugins can't be sorted because their order is invalid.
function save_plugin_config($formData)
// We can only save existing plugins
$directories = str_replace(
PluginManager::$PLUGINS_PATH . '/',
glob(PluginManager::$PLUGINS_PATH . '/*')
$formData = array_filter(
function ($value, string $key) use ($directories) {
return startsWith($key, 'order') || in_array($key, $directories);
// Make sure there are no duplicates in orders.
if (!validate_plugin_order($formData)) {
throw new PluginConfigOrderException();
$plugins = [];
$newEnabledPlugins = [];
foreach ($formData as $key => $data) {
if (startsWith($key, 'order')) {
// If there is no order, it means a disabled plugin has been enabled.
if (isset($formData['order_' . $key])) {
$plugins[(int) $formData['order_' . $key]] = $key;
} else {
$newEnabledPlugins[] = $key;
// New enabled plugins will be added at the end of order.
$plugins = array_merge($plugins, $newEnabledPlugins);
// Sort plugins by order.
if (!ksort($plugins)) {
throw new PluginConfigOrderException();
$finalPlugins = [];
// Make plugins order continuous.
foreach ($plugins as $plugin) {
$finalPlugins[] = $plugin;
return $finalPlugins;
* Validate plugin array submitted.
* Will fail if there is duplicate orders value.
* @param array $formData Data from submitted form.
* @return bool true if ok, false otherwise.
function validate_plugin_order($formData)
$orders = [];
foreach ($formData as $key => $value) {
// No duplicate order allowed.
if (in_array($value, $orders, true)) {
return false;
if (startsWith($key, 'order')) {
$orders[] = $value;
return true;
* Affect plugin parameters values from the ConfigManager into plugins array.
* @param mixed $plugins Plugins array:
* $plugins[<plugin_name>]['parameters'][<param_name>] = [
* 'value' => <value>,
* 'desc' => <description>
* ]
* @param mixed $conf Plugins configuration.
* @return mixed Updated $plugins array.
function load_plugin_parameter_values($plugins, $conf)
$out = $plugins;
foreach ($plugins as $name => $plugin) {
if (empty($plugin['parameters'])) {
foreach ($plugin['parameters'] as $key => $param) {
if (!empty($conf[$key])) {
$out[$name]['parameters'][$key]['value'] = $conf[$key];
return $out;

namespace Shaarli\Config\Exception;
* Exception used if a mandatory field is missing in given configuration.
class MissingFieldConfigException extends \Exception
public $field;
* Construct exception.
* @param string $field field name missing.
public function __construct($field)
$this->field = $field;
$this->message = sprintf(t('Configuration value is required for %s'), $this->field);

namespace Shaarli\Config\Exception;
* Exception used if an error occur while saving plugin configuration.
class PluginConfigOrderException extends \Exception
* Construct exception.
public function __construct()
$this->message = t('An error occurred while trying to save plugins loading order.');

namespace Shaarli\Config\Exception;
* Exception used if an unauthorized attempt to edit configuration has been made.
class UnauthorizedConfigException extends \Exception
* Construct exception.
public function __construct()
$this->message = t('You are not authorized to alter config.');

namespace Shaarli\Container;
use malkusch\lock\mutex\FlockMutex;
use Psr\Log\LoggerInterface;
use Shaarli\Bookmark\BookmarkFileService;
use Shaarli\Bookmark\BookmarkServiceInterface;
use Shaarli\Config\ConfigManager;
use Shaarli\Feed\FeedBuilder;
use Shaarli\Formatter\FormatterFactory;
use Shaarli\Front\Controller\Visitor\ErrorController;
use Shaarli\Front\Controller\Visitor\ErrorNotFoundController;
use Shaarli\History;
use Shaarli\Http\HttpAccess;
use Shaarli\Http\MetadataRetriever;
use Shaarli\Netscape\NetscapeBookmarkUtils;
use Shaarli\Plugin\PluginManager;
use Shaarli\Render\PageBuilder;
use Shaarli\Render\PageCacheManager;
use Shaarli\Security\CookieManager;
use Shaarli\Security\LoginManager;
use Shaarli\Security\SessionManager;
use Shaarli\Thumbnailer;
use Shaarli\Updater\Updater;
use Shaarli\Updater\UpdaterUtils;
* Class ContainerBuilder
* Helper used to build a Slim container instance with Shaarli's object dependencies.
* Note that most injected objects MUST be added as closures, to let the container instantiate
* only the objects it requires during the execution.
* @package Container
class ContainerBuilder
/** @var ConfigManager */
protected $conf;
/** @var SessionManager */
protected $session;
/** @var CookieManager */
protected $cookieManager;
/** @var LoginManager */
protected $login;
/** @var PluginManager */
protected $pluginManager;
/** @var LoggerInterface */
protected $logger;
/** @var string|null */
protected $basePath = null;
public function __construct(
ConfigManager $conf,
SessionManager $session,
CookieManager $cookieManager,
LoginManager $login,
PluginManager $pluginManager,
LoggerInterface $logger
) {
$this->conf = $conf;
$this->session = $session;
$this->login = $login;
$this->cookieManager = $cookieManager;
$this->pluginManager = $pluginManager;
$this->logger = $logger;
public function build(): ShaarliContainer
$container = new ShaarliContainer();
$container['conf'] = $this->conf;
$container['sessionManager'] = $this->session;
$container['cookieManager'] = $this->cookieManager;
$container['loginManager'] = $this->login;
$container['pluginManager'] = $this->pluginManager;
$container['logger'] = $this->logger;
$container['basePath'] = $this->basePath;
$container['history'] = function (ShaarliContainer $container): History {
return new History($container->conf->get('resource.history'));
$container['bookmarkService'] = function (ShaarliContainer $container): BookmarkServiceInterface {
return new BookmarkFileService(
new FlockMutex(fopen(SHAARLI_MUTEX_FILE, 'r'), 2),
$container['metadataRetriever'] = function (ShaarliContainer $container): MetadataRetriever {
return new MetadataRetriever($container->conf, $container->httpAccess);
$container['pageBuilder'] = function (ShaarliContainer $container): PageBuilder {
return new PageBuilder(
$container['formatterFactory'] = function (ShaarliContainer $container): FormatterFactory {
return new FormatterFactory(
$container['pageCacheManager'] = function (ShaarliContainer $container): PageCacheManager {
return new PageCacheManager(
$container['feedBuilder'] = function (ShaarliContainer $container): FeedBuilder {
return new FeedBuilder(
$container['thumbnailer'] = function (ShaarliContainer $container): Thumbnailer {
return new Thumbnailer($container->conf);
$container['httpAccess'] = function (): HttpAccess {
return new HttpAccess();
$container['netscapeBookmarkUtils'] = function (ShaarliContainer $container): NetscapeBookmarkUtils {
return new NetscapeBookmarkUtils($container->bookmarkService, $container->conf, $container->history);
$container['updater'] = function (ShaarliContainer $container): Updater {
return new Updater(
$container['notFoundHandler'] = function (ShaarliContainer $container): ErrorNotFoundController {
return new ErrorNotFoundController($container);
$container['errorHandler'] = function (ShaarliContainer $container): ErrorController {
return new ErrorController($container);
$container['phpErrorHandler'] = function (ShaarliContainer $container): ErrorController {
return new ErrorController($container);
return $container;

namespace Shaarli\Container;
use Psr\Log\LoggerInterface;
use Shaarli\Bookmark\BookmarkServiceInterface;
use Shaarli\Config\ConfigManager;
use Shaarli\Feed\FeedBuilder;
use Shaarli\Formatter\FormatterFactory;
use Shaarli\History;
use Shaarli\Http\HttpAccess;
use Shaarli\Http\MetadataRetriever;
use Shaarli\Netscape\NetscapeBookmarkUtils;
use Shaarli\Plugin\PluginManager;
use Shaarli\Render\PageBuilder;
use Shaarli\Render\PageCacheManager;
use Shaarli\Security\CookieManager;
use Shaarli\Security\LoginManager;
use Shaarli\Security\SessionManager;
use Shaarli\Thumbnailer;
use Shaarli\Updater\Updater;
use Slim\Container;
* Extension of Slim container to document the injected objects.
* @property string $basePath Shaarli's instance base path (e.g. `/shaarli/`)
* @property BookmarkServiceInterface $bookmarkService
* @property CookieManager $cookieManager
* @property ConfigManager $conf
* @property mixed[] $environment $_SERVER automatically injected by Slim
* @property callable $errorHandler Overrides default Slim exception display
* @property FeedBuilder $feedBuilder
* @property FormatterFactory $formatterFactory
* @property History $history
* @property HttpAccess $httpAccess
* @property LoginManager $loginManager
* @property LoggerInterface $logger
* @property MetadataRetriever $metadataRetriever
* @property NetscapeBookmarkUtils $netscapeBookmarkUtils
* @property callable $notFoundHandler Overrides default Slim exception display
* @property PageBuilder $pageBuilder
* @property PageCacheManager $pageCacheManager
* @property callable $phpErrorHandler Overrides default Slim PHP error display
* @property PluginManager $pluginManager
* @property SessionManager $sessionManager
* @property Thumbnailer $thumbnailer
* @property Updater $updater
class ShaarliContainer extends Container

namespace Shaarli\Exceptions;
use Exception;
* Exception class thrown when a filesystem access failure happens
class IOException extends Exception
private $path;
* Construct a new IOException
* @param string $path path to the resource that cannot be accessed
* @param string $message Custom exception message.
public function __construct($path, $message = '')
$this->path = $path;
$this->message = empty($message) ? t('Error accessing') : $message;
$this->message .= ' "' . $this->path . '"';

namespace Shaarli\Feed;
use DatePeriod;
* Simple cache system, mainly for the RSS/ATOM feeds
class CachedPage
/** Directory containing page caches */
protected $cacheDir;
/** Should this URL be cached (boolean)? */
protected $shouldBeCached;
/** Name of the cache file for this URL */
protected $filename;
/** @var DatePeriod|null Optionally specify a period of time for cache validity */
protected $validityPeriod;
* Creates a new CachedPage
* @param string $cacheDir page cache directory
* @param string $url page URL
* @param bool $shouldBeCached whether this page needs to be cached
* @param ?DatePeriod $validityPeriod Optionally specify a time limit on requested cache
public function __construct($cacheDir, $url, $shouldBeCached, ?DatePeriod $validityPeriod)
// TODO: check write access to the cache directory
$this->cacheDir = $cacheDir;
$this->filename = $this->cacheDir . '/' . sha1($url) . '.cache';
$this->shouldBeCached = $shouldBeCached;
$this->validityPeriod = $validityPeriod;
* Returns the cached version of a page, if it exists and should be cached
* @return string a cached version of the page if it exists, null otherwise
public function cachedVersion()
if (!$this->shouldBeCached) {
return null;
if (!is_file($this->filename)) {
return null;
if ($this->validityPeriod !== null) {
$cacheDate = \DateTime::createFromFormat('U', (string) filemtime($this->filename));
if (
$cacheDate < $this->validityPeriod->getStartDate()
|| $cacheDate > $this->validityPeriod->getEndDate()
) {
return null;
return file_get_contents($this->filename);
* Puts a page in the cache
* @param string $pageContent XML content to cache
public function cache($pageContent)
if (!$this->shouldBeCached) {
file_put_contents($this->filename, $pageContent);

namespace Shaarli\Feed;
use DateTime;
use Shaarli\Bookmark\Bookmark;
use Shaarli\Bookmark\BookmarkServiceInterface;
use Shaarli\Formatter\BookmarkFormatter;
* FeedBuilder class.
* Used to build ATOM and RSS feeds data.
class FeedBuilder
* @var string Constant: RSS feed type.
public static $FEED_RSS = 'rss';
* @var string Constant: ATOM feed type.
public static $FEED_ATOM = 'atom';
* @var string Default language if the locale isn't set.
public static $DEFAULT_LANGUAGE = 'en-en';
* @var int Number of bookmarks to display in a feed by default.
public static $DEFAULT_NB_LINKS = 50;
* @var BookmarkServiceInterface instance.
protected $linkDB;
* @var BookmarkFormatter instance.
protected $formatter;
/** @var mixed[] $_SERVER */
protected $serverInfo;
* @var boolean True if the user is currently logged in, false otherwise.
protected $isLoggedIn;
* @var boolean Use permalinks instead of direct bookmarks if true.
protected $usePermalinks;
* @var boolean true to hide dates in feeds.
protected $hideDates;
* @var string server locale.
protected $locale;
* @var DateTime Latest item date.
protected $latestDate;
* Feed constructor.
* @param BookmarkServiceInterface $linkDB LinkDB instance.
* @param BookmarkFormatter $formatter instance.
* @param array $serverInfo $_SERVER.
* @param boolean $isLoggedIn True if the user is currently logged in, false otherwise.
public function __construct($linkDB, $formatter, $serverInfo, $isLoggedIn)
$this->linkDB = $linkDB;
$this->formatter = $formatter;
$this->serverInfo = $serverInfo;
$this->isLoggedIn = $isLoggedIn;
* Build data for feed templates.
* @param string $feedType Type of feed (RSS/ATOM).
* @param array $userInput $_GET.
* @return array Formatted data for feeds templates.
public function buildData(string $feedType, ?array $userInput)
// Search for untagged bookmarks
if (isset($this->userInput['searchtags']) && empty($userInput['searchtags'])) {
$userInput['searchtags'] = false;
$limit = $this->getLimit($userInput);
// Optionally filter the results:
$searchResult = $this->linkDB->search($userInput ?? [], null, false, false, true, ['limit' => $limit]);
$pageaddr = escape(index_url($this->serverInfo));
$this->formatter->addContextData('index_url', $pageaddr);
$links = [];
foreach ($searchResult->getBookmarks() as $key => $bookmark) {
$links[$key] = $this->buildItem($feedType, $bookmark, $pageaddr);
$data['language'] = $this->getTypeLanguage($feedType);
$data['last_update'] = $this->getLatestDateFormatted($feedType);
$data['show_dates'] = !$this->hideDates || $this->isLoggedIn;
// Remove leading path from REQUEST_URI (already contained in $pageaddr).
$requestUri = preg_replace('#(.*?/)(feed.*)#', '$2', escape($this->serverInfo['REQUEST_URI']));
$data['self_link'] = $pageaddr . $requestUri;
$data['index_url'] = $pageaddr;
$data['usepermalinks'] = $this->usePermalinks === true;
$data['links'] = $links;
return $data;
* Set this to true to use permalinks instead of direct bookmarks.
* @param boolean $usePermalinks true to force permalinks.
public function setUsePermalinks($usePermalinks)
$this->usePermalinks = $usePermalinks;
* Set this to true to hide timestamps in feeds.
* @param boolean $hideDates true to enable.
public function setHideDates($hideDates)
$this->hideDates = $hideDates;
* Set the locale. Used to show feed language.
* @param string $locale The locale (eg. 'fr_FR.UTF8').
public function setLocale($locale)
$this->locale = strtolower($locale);
* Build a feed item (one per shaare).
* @param string $feedType Type of feed (RSS/ATOM).
* @param Bookmark $link Single link array extracted from LinkDB.
* @param string $pageaddr Index URL.
* @return array Link array with feed attributes.
protected function buildItem(string $feedType, $link, $pageaddr)
$data = $this->formatter->format($link);
$data['guid'] = rtrim($pageaddr, '/') . '/shaare/' . $data['shorturl'];
if ($this->usePermalinks === true) {
$permalink = '<a href="' . $data['url'] . '" title="' . t('Direct link') . '">' . t('Direct link') . '</a>';
} else {
$permalink = '<a href="' . $data['guid'] . '" title="' . t('Permalink') . '">' . t('Permalink') . '</a>';
$data['description'] .= PHP_EOL . PHP_EOL . '<br>&#8212; ' . $permalink;
$data['pub_iso_date'] = $this->getIsoDate($feedType, $data['created']);
// atom:entry elements MUST contain exactly one atom:updated element.
if (!empty($link->getUpdated())) {
$data['up_iso_date'] = $this->getIsoDate($feedType, $data['updated'], DateTime::ATOM);
} else {
$data['up_iso_date'] = $this->getIsoDate($feedType, $data['created'], DateTime::ATOM);
// Save the more recent item.
if (empty($this->latestDate) || $this->latestDate < $data['created']) {
$this->latestDate = $data['created'];
if (!empty($data['updated']) && $this->latestDate < $data['updated']) {
$this->latestDate = $data['updated'];
return $data;
* Get the language according to the feed type, based on the locale:
* - RSS format: en-us (default: 'en-en').
* - ATOM format: fr (default: 'en').
* @param string $feedType Type of feed (RSS/ATOM).
* @return string The language.
protected function getTypeLanguage(string $feedType)
// Use the locale do define the language, if available.
if (!empty($this->locale) && preg_match('/^\w{2}[_\-]\w{2}/', $this->locale)) {
$length = ($feedType === self::$FEED_RSS) ? 5 : 2;
return str_replace('_', '-', substr($this->locale, 0, $length));
return ($feedType === self::$FEED_RSS) ? 'en-en' : 'en';
* Format the latest item date found according to the feed type.
* Return an empty string if invalid DateTime is passed.
* @param string $feedType Type of feed (RSS/ATOM).
* @return string Formatted date.
protected function getLatestDateFormatted(string $feedType)
if (empty($this->latestDate) || !$this->latestDate instanceof DateTime) {
return '';
$type = ($feedType == self::$FEED_RSS) ? DateTime::RSS : DateTime::ATOM;
return $this->latestDate->format($type);
* Get ISO date from DateTime according to feed type.
* @param string $feedType Type of feed (RSS/ATOM).
* @param DateTime $date Date to format.
* @param string|bool $format Force format.
* @return string Formatted date.
protected function getIsoDate(string $feedType, DateTime $date, $format = false)
if ($format !== false) {
return $date->format($format);
if ($feedType == self::$FEED_RSS) {
return $date->format(DateTime::RSS);
return $date->format(DateTime::ATOM);
* Returns the number of link to display according to 'nb' user input parameter.
* If 'nb' not set or invalid, default value: $DEFAULT_NB_LINKS.
* If 'nb' is set to 'all', display all filtered bookmarks (max parameter).
* @param array $userInput $_GET.
* @return int number of bookmarks to display.
protected function getLimit(?array $userInput)
if (empty($userInput['nb'])) {
return self::$DEFAULT_NB_LINKS;
if ($userInput['nb'] == 'all') {
return null;
$intNb = intval($userInput['nb']);
if (!is_int($intNb) || $intNb == 0) {
return self::$DEFAULT_NB_LINKS;
return $intNb;

View file

@ -1,229 +0,0 @@
namespace Shaarli\Formatter;
use Shaarli\Bookmark\Bookmark;
* Class BookmarkDefaultFormatter
* Default bookmark formatter.
* Escape values for HTML display and automatically add link to URL and hashtags.
* @package Shaarli\Formatter
class BookmarkDefaultFormatter extends BookmarkFormatter
* @inheritdoc
protected function formatTitle($bookmark)
return escape($bookmark->getTitle());
* @inheritdoc
protected function formatTitleHtml($bookmark)
$title = $this->tokenizeSearchHighlightField(
$bookmark->getTitle() ?? '',
$bookmark->getAdditionalContentEntry('search_highlight')['title'] ?? []
return $this->replaceTokens(escape($title));
* @inheritdoc
protected function formatDescription($bookmark)
$indexUrl = ! empty($this->contextData['index_url']) ? $this->contextData['index_url'] : '';
$description = $this->tokenizeSearchHighlightField(
$bookmark->getDescription() ?? '',
$bookmark->getAdditionalContentEntry('search_highlight')['description'] ?? []
$description = format_description(
$this->conf->get('formatter_settings.autolink', true)
return $this->replaceTokens($description);
* @inheritdoc
protected function formatTagList($bookmark)
return escape(parent::formatTagList($bookmark));
* @inheritdoc
protected function formatTagListHtml($bookmark)
$tagsSeparator = $this->conf->get('general.tags_separator', ' ');
if (empty($bookmark->getAdditionalContentEntry('search_highlight')['tags'])) {
return $this->formatTagList($bookmark);
$tags = $this->tokenizeSearchHighlightField(
$tags = $this->filterTagList(tags_str2array($tags, $tagsSeparator));
$tags = escape($tags);
$tags = $this->replaceTokensArray($tags);
return $tags;
* @inheritdoc
protected function formatTagString($bookmark)
return implode($this->conf->get('general.tags_separator'), $this->formatTagList($bookmark));
* @inheritdoc
protected function formatUrl($bookmark)
if ($bookmark->isNote() && isset($this->contextData['index_url'])) {
return rtrim($this->contextData['index_url'], '/') . '/' . escape(ltrim($bookmark->getUrl(), '/'));
return escape($bookmark->getUrl());
* @inheritdoc
protected function formatRealUrl($bookmark)
if ($bookmark->isNote()) {
if (isset($this->contextData['index_url'])) {
$prefix = rtrim($this->contextData['index_url'], '/') . '/';
if (isset($this->contextData['base_path'])) {
$prefix = rtrim($this->contextData['base_path'], '/') . '/';
return escape($prefix ?? '') . escape(ltrim($bookmark->getUrl() ?? '', '/'));
return escape($bookmark->getUrl());
* @inheritdoc
protected function formatUrlHtml($bookmark)
$url = $this->tokenizeSearchHighlightField(
$bookmark->getUrl() ?? '',
$bookmark->getAdditionalContentEntry('search_highlight')['url'] ?? []
return $this->replaceTokens(escape($url));
* @inheritdoc
protected function formatThumbnail($bookmark)
return escape($bookmark->getThumbnail());
* @inheritDoc
protected function formatAdditionalContent(Bookmark $bookmark): array
$additionalContent = parent::formatAdditionalContent($bookmark);
return $additionalContent;
* Insert search highlight token in provided field content based on a list of search result positions
* @param string $fieldContent
* @param array|null $positions List of of search results with 'start' and 'end' positions.
* @return string Updated $fieldContent.
protected function tokenizeSearchHighlightField(string $fieldContent, ?array $positions): string
if (empty($positions)) {
return $fieldContent;
$insertedTokens = 0;
$tokenLength = strlen(static::SEARCH_HIGHLIGHT_OPEN);
foreach ($positions as $position) {
$position = [
'start' => $position['start'] + ($insertedTokens * $tokenLength),
'end' => $position['end'] + ($insertedTokens * $tokenLength),
$content = mb_substr($fieldContent, 0, $position['start']);
$content .= static::SEARCH_HIGHLIGHT_OPEN;
$content .= mb_substr($fieldContent, $position['start'], $position['end'] - $position['start']);
$content .= static::SEARCH_HIGHLIGHT_CLOSE;
$content .= mb_substr($fieldContent, $position['end']);
$fieldContent = $content;
$insertedTokens += 2;
return $fieldContent;
* Replace search highlight tokens with HTML highlighted span.
* @param string $fieldContent
* @return string updated content.
protected function replaceTokens(string $fieldContent): string
return str_replace(
['<span class="search-highlight">', '</span>'],
* Apply replaceTokens to an array of content strings.
* @param string[] $fieldContents
foreach ($fieldContents as &$entry) {
$entry = $this->replaceTokens($entry);
return $fieldContents;

namespace Shaarli\Formatter;
use DateTimeInterface;
use Shaarli\Bookmark\Bookmark;
use Shaarli\Config\ConfigManager;
* Class BookmarkFormatter
* Abstract class processing all bookmark attributes through methods designed to be overridden.
* List of available formatted fields:
* - id ID
* - shorturl Unique identifier, used in permalinks
* - url URL, can be altered in some way, e.g. passing through an HTTP reverse proxy
* - real_url (legacy) same as `url`
* - url_html URL to be displayed in HTML content (it can contain HTML tags)
* - title Title
* - title_html Title to be displayed in HTML content (it can contain HTML tags)
* - description Description content. It most likely contains HTML tags
* - thumbnail Thumbnail: path to local cache file, false if there is none, null if hasn't been retrieved
* - taglist List of tags (array)
* - taglist_urlencoded List of tags (array) URL encoded: it must be used to create a link to a URL containing a tag
* - taglist_html List of tags (array) to be displayed in HTML content (it can contain HTML tags)
* - tags Tags separated by a single whitespace
* - tags_urlencoded Tags separated by a single whitespace, URL encoded: must be used to create a link
* - sticky Is sticky (bool)
* - private Is private (bool)
* - class Additional CSS class
* - created Creation DateTime
* - updated Last edit DateTime
* - timestamp Creation timestamp
* - updated_timestamp Last edit timestamp
* @package Shaarli\Formatter
abstract class BookmarkFormatter
* @var ConfigManager
protected $conf;
/** @var bool */
protected $isLoggedIn;
* @var array Additional parameters than can be used for specific formatting
* e.g. index_url for Feed formatting
protected $contextData = [];
* LinkDefaultFormatter constructor.
* @param ConfigManager $conf
public function __construct(ConfigManager $conf, bool $isLoggedIn)
$this->conf = $conf;
$this->isLoggedIn = $isLoggedIn;
* Convert a Bookmark into an array usable by templates and plugins.
* All Bookmark attributes are formatted through a format method
* that can be overridden in a formatter extending this class.
* @param Bookmark $bookmark instance
* @return array formatted representation of a Bookmark
public function format($bookmark)
$out['id'] = $this->formatId($bookmark);
$out['shorturl'] = $this->formatShortUrl($bookmark);
$out['url'] = $this->formatUrl($bookmark);
$out['real_url'] = $this->formatRealUrl($bookmark);
$out['url_html'] = $this->formatUrlHtml($bookmark);
$out['title'] = $this->formatTitle($bookmark);
$out['title_html'] = $this->formatTitleHtml($bookmark);
$out['description'] = $this->formatDescription($bookmark);
$out['thumbnail'] = $this->formatThumbnail($bookmark);
$out['taglist'] = $this->formatTagList($bookmark);
$out['taglist_urlencoded'] = $this->formatTagListUrlEncoded($bookmark);
$out['taglist_html'] = $this->formatTagListHtml($bookmark);
$out['tags'] = $this->formatTagString($bookmark);
$out['tags_urlencoded'] = $this->formatTagStringUrlEncoded($bookmark);
$out['sticky'] = $bookmark->isSticky();
$out['private'] = $bookmark->isPrivate();
$out['class'] = $this->formatClass($bookmark);
$out['created'] = $this->formatCreated($bookmark);
$out['updated'] = $this->formatUpdated($bookmark);
$out['timestamp'] = $this->formatCreatedTimestamp($bookmark);
$out['updated_timestamp'] = $this->formatUpdatedTimestamp($bookmark);
$out['additional_content'] = $this->formatAdditionalContent($bookmark);
return $out;
* Add additional data available to formatters.
* This is used for example to add `index_url` in description's links.
* @param string $key Context data key
* @param string $value Context data value
public function addContextData($key, $value)
$this->contextData[$key] = $value;
return $this;
* Format ID
* @param Bookmark $bookmark instance
* @return int formatted ID
protected function formatId($bookmark)
return $bookmark->getId();
* Format ShortUrl
* @param Bookmark $bookmark instance
* @return string formatted ShortUrl
protected function formatShortUrl($bookmark)
return $bookmark->getShortUrl();
* Format Url
* @param Bookmark $bookmark instance
* @return string formatted Url
protected function formatUrl($bookmark)
return $bookmark->getUrl();
* Format RealUrl
* Legacy: identical to Url
* @param Bookmark $bookmark instance
* @return string formatted RealUrl
protected function formatRealUrl($bookmark)
return $this->formatUrl($bookmark);
* Format Url Html: to be displayed in HTML content, it can contains HTML tags.
* @param Bookmark $bookmark instance
* @return string formatted Url HTML
protected function formatUrlHtml($bookmark)
return $this->formatUrl($bookmark);
* Format Title
* @param Bookmark $bookmark instance
* @return string formatted Title
protected function formatTitle($bookmark)
return $bookmark->getTitle();
* Format Title HTML: to be displayed in HTML content, it can contains HTML tags.
* @param Bookmark $bookmark instance
* @return string formatted Title
protected function formatTitleHtml($bookmark)
return $bookmark->getTitle();
* Format Description
* @param Bookmark $bookmark instance
* @return string formatted Description
protected function formatDescription($bookmark)
return $bookmark->getDescription();
* Format Thumbnail
* @param Bookmark $bookmark instance
* @return string formatted Thumbnail
protected function formatThumbnail($bookmark)
return $bookmark->getThumbnail();
* Format Tags
* @param Bookmark $bookmark instance
* @return array formatted Tags
protected function formatTagList($bookmark)
return $this->filterTagList($bookmark->getTags());
* Format Url Encoded Tags
* @param Bookmark $bookmark instance
* @return array formatted Tags
protected function formatTagListUrlEncoded($bookmark)
return array_map('urlencode', $this->filterTagList($bookmark->getTags()));
* Format Tags HTML: to be displayed in HTML content, it can contains HTML tags.
* @param Bookmark $bookmark instance
* @return array formatted Tags
protected function formatTagListHtml($bookmark)
return $this->formatTagList($bookmark);
* Format TagString
* @param Bookmark $bookmark instance
* @return string formatted TagString
protected function formatTagString($bookmark)
return implode($this->conf->get('general.tags_separator', ' '), $this->formatTagList($bookmark));
* Format TagString
* @param Bookmark $bookmark instance
* @return string formatted TagString
protected function formatTagStringUrlEncoded($bookmark)
return implode(' ', $this->formatTagListUrlEncoded($bookmark));
* Format Class
* Used to add specific CSS class for a link
* @param Bookmark $bookmark instance
* @return string formatted Class
protected function formatClass($bookmark)
return $bookmark->isPrivate() ? 'private' : '';
* Format Created
* @param Bookmark $bookmark instance
* @return DateTimeInterface instance
protected function formatCreated(Bookmark $bookmark)
return $bookmark->getCreated();
* Format Updated
* @param Bookmark $bookmark instance
* @return DateTimeInterface instance
protected function formatUpdated(Bookmark $bookmark)
return $bookmark->getUpdated();
* Format CreatedTimestamp
* @param Bookmark $bookmark instance
* @return int formatted CreatedTimestamp
protected function formatCreatedTimestamp(Bookmark $bookmark)
if (! empty($bookmark->getCreated())) {
return $bookmark->getCreated()->getTimestamp();
return 0;
* Format UpdatedTimestamp
* @param Bookmark $bookmark instance
* @return int formatted UpdatedTimestamp
protected function formatUpdatedTimestamp(Bookmark $bookmark)
if (! empty($bookmark->getUpdated())) {
return $bookmark->getUpdated()->getTimestamp();
return 0;
* Format bookmark's additional content
* @param Bookmark $bookmark instance
* @return mixed[]
protected function formatAdditionalContent(Bookmark $bookmark): array
return $bookmark->getAdditionalContent();
* Format tag list, e.g. remove private tags if the user is not logged in.
* TODO: this method is called multiple time to format tags, the result should be cached.
* @param array $tags
* @return array
protected function filterTagList(array $tags): array
if ($this->isLoggedIn === true) {
return $tags;
$out = [];
foreach ($tags as $tag) {
if (strpos($tag, '.') === 0) {
$out[] = $tag;
return $out;

namespace Shaarli\Formatter;
use Shaarli\Config\ConfigManager;
use Shaarli\Formatter\Parsedown\ShaarliParsedownExtra;
* Class BookmarkMarkdownExtraFormatter
* Format bookmark description into MarkdownExtra format.
* @see
* @package Shaarli\Formatter
class BookmarkMarkdownExtraFormatter extends BookmarkMarkdownFormatter
public function __construct(ConfigManager $conf, bool $isLoggedIn)
parent::__construct($conf, $isLoggedIn);
$this->parsedown = new ShaarliParsedownExtra();

namespace Shaarli\Formatter;
use Shaarli\Config\ConfigManager;
use Shaarli\Formatter\Parsedown\ShaarliParsedown;
* Class BookmarkMarkdownFormatter
* Format bookmark description into Markdown format.
* @package Shaarli\Formatter
class BookmarkMarkdownFormatter extends BookmarkDefaultFormatter
* When this tag is present in a bookmark, its description should not be processed with Markdown
public const NO_MD_TAG = 'nomarkdown';
/** @var \Parsedown instance */
protected $parsedown;
/** @var bool used to escape HTML in Markdown or not.
* It MUST be set to true for shared instance as HTML content can
* introduce XSS vulnerabilities.
protected $escape;
* @var array List of allowed protocols for links inside bookmark's description.
protected $allowedProtocols;
* LinkMarkdownFormatter constructor.
* @param ConfigManager $conf instance
* @param bool $isLoggedIn
public function __construct(ConfigManager $conf, bool $isLoggedIn)
parent::__construct($conf, $isLoggedIn);
$this->parsedown = new ShaarliParsedown();
$this->escape = $conf->get('security.markdown_escape', true);
$this->allowedProtocols = $conf->get('security.allowed_protocols', []);
* @inheritdoc
public function formatDescription($bookmark)
if (in_array(self::NO_MD_TAG, $bookmark->getTags())) {
return parent::formatDescription($bookmark);
$processedDescription = $this->tokenizeSearchHighlightField(
$bookmark->getDescription() ?? '',
$bookmark->getAdditionalContentEntry('search_highlight')['description'] ?? []
$processedDescription = $this->filterProtocols($processedDescription);
$processedDescription = $this->formatHashTags($processedDescription);
$processedDescription = $this->reverseEscapedHtml($processedDescription);
$processedDescription = $this->parsedown
$processedDescription = $this->sanitizeHtml($processedDescription);
$processedDescription = $this->replaceTokens($processedDescription);
if (!empty($processedDescription)) {
$processedDescription = '<div class="markdown">' . $processedDescription . '</div>';
return $processedDescription;
* Remove the NO markdown tag if it is present
* @inheritdoc
protected function formatTagList($bookmark)
$out = parent::formatTagList($bookmark);
if ($this->isLoggedIn === false && ($pos = array_search(self::NO_MD_TAG, $out)) !== false) {
return array_values($out);
return $out;
* Replace not whitelisted protocols with http:// in given description.
* Also adds `index_url` to relative links if it's specified
* @param string $description input description text.
* @return string $description without malicious link.
protected function filterProtocols($description)
$allowedProtocols = $this->allowedProtocols;
$indexUrl = ! empty($this->contextData['index_url']) ? $this->contextData['index_url'] : '';
return preg_replace_callback(
function ($match) use ($allowedProtocols, $indexUrl) {
$link = startsWith($match[1], '?') || startsWith($match[1], '/') ? $indexUrl : '';
$link .= whitelist_protocols($match[1], $allowedProtocols);
return '](' . $link . ')';
* Replace hashtag in Markdown links format
* E.g. `#hashtag` becomes `[#hashtag](./add-tag/hashtag)`
* It includes the index URL if specified.
* @param string $description
* @return string
protected function formatHashTags($description)
$indexUrl = ! empty($this->contextData['index_url']) ? $this->contextData['index_url'] : '';
$tokens = '(?:' . BookmarkDefaultFormatter::SEARCH_HIGHLIGHT_OPEN . ')' .
'(?:' . BookmarkDefaultFormatter::SEARCH_HIGHLIGHT_CLOSE . ')'
* To support unicode:
* \p{Pc} - to match underscore
* \p{N} - numeric character in any script
* \p{L} - letter from any language
* \p{Mn} - any non marking space (accents, umlauts, etc)
$regex = '/(^|\s)#([\p{Pc}\p{N}\p{L}\p{Mn}' . $tokens . ']+)/mui';
$replacement = function (array $match) use ($indexUrl): string {
$cleanMatch = str_replace(
str_replace(BookmarkDefaultFormatter::SEARCH_HIGHLIGHT_CLOSE, '', $match[2])
return $match[1] . '[#' . $match[2] . '](' . $indexUrl . './add-tag/' . $cleanMatch . ')';
$descriptionLines = explode(PHP_EOL, $description);
$descriptionOut = '';
$codeBlockOn = false;
$lineCount = 0;
foreach ($descriptionLines as $descriptionLine) {
// Detect line of code: starting with 4 spaces,
// except lists which can start with +/*/- or `2.` after spaces.
$codeLineOn = preg_match('/^ +(?=[^\+\*\-])(?=(?!\d\.).)/', $descriptionLine) > 0;
// Detect and toggle block of code
if (!$codeBlockOn) {
$codeBlockOn = preg_match('/^```/', $descriptionLine) > 0;
} elseif (preg_match('/^```/', $descriptionLine) > 0) {
$codeBlockOn = false;
if (!$codeBlockOn && !$codeLineOn) {
$descriptionLine = preg_replace_callback($regex, $replacement, $descriptionLine);
$descriptionOut .= $descriptionLine;
if ($lineCount++ < count($descriptionLines) - 1) {
$descriptionOut .= PHP_EOL;
return $descriptionOut;
* Remove dangerous HTML tags (tags, iframe, etc.).
* Doesn't affect <code> content (already escaped by Parsedown).
* @param string $description input description text.
* @return string given string escaped.
protected function sanitizeHtml($description)
$escapeTags = [
foreach ($escapeTags as $tag) {
$description = preg_replace_callback(
'#<\s*' . $tag . '[^>]*>(.*</\s*' . $tag . '[^>]*>)?#is',
function ($match) {
return escape($match[0]);
$description = preg_replace(
'#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is',
return $description;
protected function reverseEscapedHtml($description)
return unescape($description);

namespace Shaarli\Formatter;
* Class BookmarkRawFormatter
* Used to retrieve bookmarks as array with raw values.
* Warning: Do NOT use this for HTML content as it can introduce XSS vulnerabilities.
* @package Shaarli\Formatter
class BookmarkRawFormatter extends BookmarkFormatter

View file

@ -1,51 +0,0 @@
namespace Shaarli\Formatter;
use Shaarli\Config\ConfigManager;
* Class FormatterFactory
* Helper class used to instantiate the proper BookmarkFormatter.
* @package Shaarli\Formatter
class FormatterFactory
/** @var ConfigManager instance */
protected $conf;
/** @var bool */
protected $isLoggedIn;
* FormatterFactory constructor.
* @param ConfigManager $conf
* @param bool $isLoggedIn
public function __construct(ConfigManager $conf, bool $isLoggedIn)
$this->conf = $conf;
$this->isLoggedIn = $isLoggedIn;
* Instanciate a BookmarkFormatter depending on the configuration or provided formatter type.
* @param string|null $type force a specific type regardless of the configuration
* @return BookmarkFormatter instance.
public function getFormatter(string $type = null): BookmarkFormatter
$type = $type ? $type : $this->conf->get('formatter', 'default');
$className = '\\Shaarli\\Formatter\\Bookmark' . ucfirst($type) . 'Formatter';
if (!class_exists($className)) {
$className = '\\Shaarli\\Formatter\\BookmarkDefaultFormatter';
return new $className($this->conf, $this->isLoggedIn);

namespace Shaarli\Formatter\Parsedown;
* Parsedown extension for Shaarli.
* Extension for both Parsedown and ParsedownExtra centralized in ShaarliParsedownTrait.
class ShaarliParsedown extends \Parsedown
use ShaarliParsedownTrait;

namespace Shaarli\Formatter\Parsedown;
* ParsedownExtra extension for Shaarli.
* Extension for both Parsedown and ParsedownExtra centralized in ShaarliParsedownTrait.
class ShaarliParsedownExtra extends \ParsedownExtra
use ShaarliParsedownTrait;

namespace Shaarli\Formatter\Parsedown;
use Shaarli\Formatter\BookmarkDefaultFormatter as Formatter;
* Trait used for Parsedown and ParsedownExtra extension.
* Extended:
* - Format links properly in search context
trait ShaarliParsedownTrait
* @inheritDoc
protected function inlineLink($excerpt)
return $this->shaarliFormatLink(parent::inlineLink($excerpt), true);
* @inheritDoc
protected function inlineUrl($excerpt)
return $this->shaarliFormatLink(parent::inlineUrl($excerpt), false);
* Properly format markdown link:
* - remove highlight tags from HREF attribute
* - (optional) add highlight tags to link caption
* @param array|null $link Parsedown formatted link array.
* It can be empty.
* @param bool $fullWrap Add highlight tags the whole link caption
* @return array|null
protected function shaarliFormatLink(?array $link, bool $fullWrap): ?array
// If open and clean search tokens are found in the link, process.
if (
&& strpos($link['element']['attributes']['href'] ?? '', Formatter::SEARCH_HIGHLIGHT_OPEN) !== false
&& strpos($link['element']['attributes']['href'] ?? '', Formatter::SEARCH_HIGHLIGHT_CLOSE) !== false
) {
$link['element']['attributes']['href'] = $this->shaarliRemoveSearchTokens(
if ($fullWrap) {
$link['element']['text'] = Formatter::SEARCH_HIGHLIGHT_OPEN .
$link['element']['text'] .
return $link;
* Remove open and close tags from provided string.
* @param string $entry input
* @return string Striped input
protected function shaarliRemoveSearchTokens(string $entry): string
$entry = str_replace(Formatter::SEARCH_HIGHLIGHT_OPEN, '', $entry);
$entry = str_replace(Formatter::SEARCH_HIGHLIGHT_CLOSE, '', $entry);
return $entry;

namespace Shaarli\Front;
use Slim\Http\Request;
use Slim\Http\Response;
* Middleware used for controller requiring to be authenticated.
* It extends ShaarliMiddleware, and just make sure that the user is authenticated.
* Otherwise, it redirects to the login page.
class ShaarliAdminMiddleware extends ShaarliMiddleware
public function __invoke(Request $request, Response $response, callable $next): Response
if (true !== $this->container->loginManager->isLoggedIn()) {
$returnUrl = urlencode($this->container->environment['REQUEST_URI']);
return $response->withRedirect($this->container->basePath . '/login?returnurl=' . $returnUrl);
return parent::__invoke($request, $response, $next);

namespace Shaarli\Front;
use Shaarli\Container\ShaarliContainer;
use Shaarli\Front\Exception\UnauthorizedException;
use Slim\Http\Request;
use Slim\Http\Response;
* Class ShaarliMiddleware
* This will be called before accessing any Shaarli controller.
class ShaarliMiddleware
/** @var ShaarliContainer contains all Shaarli DI */
protected $container;
public function __construct(ShaarliContainer $container)
$this->container = $container;
* Middleware execution:
* - run updates
* - if not logged in open shaarli, redirect to login
* - execute the controller
* - return the response
* In case of error, the error template will be displayed with the exception message.
* @param Request $request Slim request
* @param Response $response Slim response
* @param callable $next Next action
* @return Response response.
public function __invoke(Request $request, Response $response, callable $next): Response
try {
if (
&& !in_array($next->getName(), ['displayInstall', 'saveInstall'], true)
) {
return $response->withRedirect($this->container->basePath . '/install');
$this->checkOpenShaarli($request, $response, $next);
return $next($request, $response);
} catch (UnauthorizedException $e) {
$returnUrl = urlencode($this->container->environment['REQUEST_URI']);
return $response->withRedirect($this->container->basePath . '/login?returnurl=' . $returnUrl);
// Other exceptions are handled by ErrorController
* Run the updater for every requests processed while logged in.
protected function runUpdates(): void
if ($this->container->loginManager->isLoggedIn() !== true) {
$newUpdates = $this->container->updater->update();
if (!empty($newUpdates)) {
* Access is denied to most pages with `hide_public_links` + `force_login` settings.
protected function checkOpenShaarli(Request $request, Response $response, callable $next): bool
if (
// if the user isn't logged in
// and Shaarli doesn't have public content...
&& $this->container->conf->get('privacy.hide_public_links')
// and is configured to enforce the login
&& $this->container->conf->get('privacy.force_login')
// and the current page isn't already the login page
// and the user is not requesting a feed (which would lead to a different content-type as expected)
&& !in_array($next->getName(), ['login', 'processLogin', 'atom', 'rss'], true)
) {
throw new UnauthorizedException();
return true;
* Initialize the URL base path if it hasn't been defined yet.
protected function initBasePath(Request $request): void
if (null === $this->container->basePath) {
$this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Languages;
use Shaarli\Render\TemplatePage;
use Shaarli\Render\ThemeUtils;
use Shaarli\Thumbnailer;
use Slim\Http\Request;
use Slim\Http\Response;
use Throwable;
* Class ConfigureController
* Slim controller used to handle Shaarli configuration page (display + save new config).
class ConfigureController extends ShaarliAdminController
* GET /admin/configure - Displays the configuration page
public function index(Request $request, Response $response): Response
$this->assignView('title', $this->container->conf->get('general.title', 'Shaarli'));
$this->assignView('theme', $this->container->conf->get('resource.theme'));
$this->assignView('formatter_available', ['default', 'markdown', 'markdownExtra']);
list($continents, $cities) = generateTimeZoneData(
$this->assignView('continents', $continents);
$this->assignView('cities', $cities);
$this->assignView('retrieve_description', $this->container->conf->get('general.retrieve_description', false));
$this->assignView('private_links_default', $this->container->conf->get('privacy.default_private_links', false));
$this->container->conf->get('security.session_protection_disabled', false)
$this->assignView('enable_rss_permalinks', $this->container->conf->get('feed.rss_permalinks', false));
$this->assignView('enable_update_check', $this->container->conf->get('updates.check_updates', true));
$this->assignView('hide_public_links', $this->container->conf->get('privacy.hide_public_links', false));
$this->assignView('api_enabled', $this->container->conf->get('api.enabled', true));
$this->assignView('api_secret', $this->container->conf->get('api.secret'));
$this->assignView('languages', Languages::getAvailableLanguages());
$this->assignView('gd_enabled', extension_loaded('gd'));
$this->assignView('thumbnails_mode', $this->container->conf->get('thumbnails.mode', Thumbnailer::MODE_NONE));
t('Configure') . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
return $response->write($this->render(TemplatePage::CONFIGURE));
* POST /admin/configure - Update Shaarli's configuration
public function save(Request $request, Response $response): Response
$continent = $request->getParam('continent');
$city = $request->getParam('city');
$tz = 'UTC';
if (null !== $continent && null !== $city && isTimeZoneValid($continent, $city)) {
$tz = $continent . '/' . $city;
$this->container->conf->set('general.timezone', $tz);
$this->container->conf->set('general.title', escape($request->getParam('title')));
$this->container->conf->set('general.header_link', escape($request->getParam('titleLink')));
$this->container->conf->set('general.retrieve_description', !empty($request->getParam('retrieveDescription')));
$this->container->conf->set('resource.theme', escape($request->getParam('theme')));
$this->container->conf->set('feed.rss_permalinks', !empty($request->getParam('enableRssPermalinks')));
$this->container->conf->set('updates.check_updates', !empty($request->getParam('updateCheck')));
$this->container->conf->set('privacy.hide_public_links', !empty($request->getParam('hidePublicLinks')));
$this->container->conf->set('api.enabled', !empty($request->getParam('enableApi')));
$this->container->conf->set('api.secret', escape($request->getParam('apiSecret')));
$this->container->conf->set('formatter', escape($request->getParam('formatter')));
if (!empty($request->getParam('language'))) {
$this->container->conf->set('translation.language', escape($request->getParam('language')));
$thumbnailsMode = extension_loaded('gd') ? $request->getParam('enableThumbnails') : Thumbnailer::MODE_NONE;
if (
$thumbnailsMode !== Thumbnailer::MODE_NONE
&& $thumbnailsMode !== $this->container->conf->get('thumbnails.mode', Thumbnailer::MODE_NONE)
) {
t('You have enabled or changed thumbnails mode.') .
'<a href="' . $this->container->basePath . '/admin/thumbnails">' .
t('Please synchronize them.') .
$this->container->conf->set('thumbnails.mode', $thumbnailsMode);
try {
} catch (Throwable $e) {
$this->assignView('message', t('Error while writing config file after configuration update.'));
if ($this->container->conf->get('dev.debug', false)) {
$this->assignView('stacktrace', $e->getMessage() . PHP_EOL . $e->getTraceAsString());
return $response->write($this->render('error'));
$this->saveSuccessMessage(t('Configuration was saved.'));
return $this->redirect($response, '/admin/configure');

namespace Shaarli\Front\Controller\Admin;
use DateTime;
use Shaarli\Bookmark\Bookmark;
use Shaarli\Render\TemplatePage;
use Slim\Http\Request;
use Slim\Http\Response;
* Class ExportController
* Slim controller used to display Shaarli data export page,
* and process the bookmarks export as a Netscape Bookmarks file.
class ExportController extends ShaarliAdminController
* GET /admin/export - Display export page
public function index(Request $request, Response $response): Response
$this->assignView('pagetitle', t('Export') . ' - ' . $this->container->conf->get('general.title', 'Shaarli'));
return $response->write($this->render(TemplatePage::EXPORT));
* POST /admin/export - Process export, and serve download file named
* bookmarks_(all|private|public)_datetime.html
public function export(Request $request, Response $response): Response
$selection = $request->getParam('selection');
if (empty($selection)) {
$this->saveErrorMessage(t('Please select an export mode.'));
return $this->redirect($response, '/admin/export');
$prependNoteUrl = filter_var($request->getParam('prepend_note_url') ?? false, FILTER_VALIDATE_BOOLEAN);
try {
$formatter = $this->container->formatterFactory->getFormatter('raw');
} catch (\Exception $exc) {
return $this->redirect($response, '/admin/export');
$now = new DateTime();
$response = $response->withHeader('Content-Type', 'text/html; charset=utf-8');
$response = $response->withHeader(
'attachment; filename=bookmarks_' . $selection . '_' . $now->format(Bookmark::LINK_DATE_FORMAT) . '.html'
$this->assignView('date', $now->format(DateTime::RFC822));
$this->assignView('eol', PHP_EOL);
$this->assignView('selection', $selection);
return $response->write($this->render(TemplatePage::NETSCAPE_EXPORT_BOOKMARKS));

namespace Shaarli\Front\Controller\Admin;
use Psr\Http\Message\UploadedFileInterface;
use Shaarli\Render\TemplatePage;
use Slim\Http\Request;
use Slim\Http\Response;
* Class ImportController
* Slim controller used to display Shaarli data import page,
* and import bookmarks from Netscape Bookmarks file.
class ImportController extends ShaarliAdminController
* GET /admin/import - Display import page
public function index(Request $request, Response $response): Response
$this->assignView('pagetitle', t('Import') . ' - ' . $this->container->conf->get('general.title', 'Shaarli'));
return $response->write($this->render(TemplatePage::IMPORT));
* POST /admin/import - Process import file provided and create bookmarks
public function import(Request $request, Response $response): Response
$file = ($request->getUploadedFiles() ?? [])['filetoupload'] ?? null;
if (!$file instanceof UploadedFileInterface) {
$this->saveErrorMessage(t('No import file provided.'));
return $this->redirect($response, '/admin/import');
// Import bookmarks from an uploaded file
if (0 === $file->getSize()) {
// The file is too big or some form field may be missing.
$msg = sprintf(
'The file you are trying to upload is probably bigger than what this webserver can accept'
. ' (%s). Please upload in smaller chunks.'
get_max_upload_size(ini_get('post_max_size'), ini_get('upload_max_filesize'))
return $this->redirect($response, '/admin/import');
$status = $this->container->netscapeBookmarkUtils->import($request->getParams(), $file);
return $this->redirect($response, '/admin/import');

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Security\CookieManager;
use Shaarli\Security\LoginManager;
use Slim\Http\Request;
use Slim\Http\Response;
* Class LogoutController
* Slim controller used to logout the user.
* It invalidates page cache and terminate the user session. Then it redirects to the homepage.
class LogoutController extends ShaarliAdminController
public function index(Request $request, Response $response): Response
$this->container->basePath . '/'
return $this->redirect($response, '/');

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Bookmark\BookmarkFilter;
use Shaarli\Render\TemplatePage;
use Slim\Http\Request;
use Slim\Http\Response;
* Class ManageTagController
* Slim controller used to handle Shaarli manage tags page (rename and delete tags).
class ManageTagController extends ShaarliAdminController
* GET /admin/tags - Displays the manage tags page
public function index(Request $request, Response $response): Response
$fromTag = $request->getParam('fromtag') ?? '';
$this->assignView('fromtag', escape($fromTag));
$separator = escape($this->container->conf->get('general.tags_separator', ' '));
if ($separator === ' ') {
$separator = '&nbsp;';
$this->assignView('tags_separator_desc', t('whitespace'));
$this->assignView('tags_separator', $separator);
t('Manage tags') . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
return $response->write($this->render(TemplatePage::CHANGE_TAG));
* POST /admin/tags - Update or delete provided tag
public function save(Request $request, Response $response): Response
$isDelete = null !== $request->getParam('deletetag') && null === $request->getParam('renametag');
$fromTag = trim($request->getParam('fromtag') ?? '');
$toTag = trim($request->getParam('totag') ?? '');
if (0 === strlen($fromTag) || false === $isDelete && 0 === strlen($toTag)) {
$this->saveWarningMessage(t('Invalid tags provided.'));
return $this->redirect($response, '/admin/tags');
// TODO: move this to bookmark service
$searchResult = $this->container->bookmarkService->search(
['searchtags' => $fromTag],
foreach ($searchResult->getBookmarks() as $bookmark) {
if (false === $isDelete) {
$bookmark->renameTag($fromTag, $toTag);
} else {
$this->container->bookmarkService->set($bookmark, false);
$count = $searchResult->getResultCount();
if (true === $isDelete) {
$alert = sprintf(
t('The tag was removed from %d bookmark.', 'The tag was removed from %d bookmarks.', $count),
} else {
$alert = sprintf(
t('The tag was renamed in %d bookmark.', 'The tag was renamed in %d bookmarks.', $count),
$redirect = true === $isDelete ? '/admin/tags' : '/?searchtags=' . urlencode($toTag);
return $this->redirect($response, $redirect);
* POST /admin/tags/change-separator - Change tag separator
public function changeSeparator(Request $request, Response $response): Response
$reservedCharacters = ['-', '.', '*'];
$newSeparator = $request->getParam('separator');
if ($newSeparator === null || mb_strlen($newSeparator) !== 1) {
$this->saveErrorMessage(t('Tags separator must be a single character.'));
} elseif (in_array($newSeparator, $reservedCharacters, true)) {
$reservedCharacters = implode(' ', array_map(function (string $character) {
return '<code>' . $character . '</code>';
}, $reservedCharacters));
t('These characters are reserved and can\'t be used as tags separator: ') . $reservedCharacters
} else {
$this->container->conf->set('general.tags_separator', $newSeparator, true, true);
$this->saveSuccessMessage('Your tags separator setting has been updated!');
return $this->redirect($response, '/admin/tags');

namespace Shaarli\Front\Controller\Admin;
use Slim\Http\Request;
use Slim\Http\Response;
* Controller used to retrieve/update bookmark's metadata.
class MetadataController extends ShaarliAdminController
* GET /admin/metadata/{url} - Attempt to retrieve the bookmark title from provided URL.
public function ajaxRetrieveTitle(Request $request, Response $response): Response
$url = $request->getParam('url');
// Only try to extract metadata from URL with HTTP(s) scheme
if (!empty($url) && strpos(get_url_scheme($url) ?: '', 'http') !== false) {
return $response->withJson($this->container->metadataRetriever->retrieve($url));
return $response->withJson([]);

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Container\ShaarliContainer;
use Shaarli\Front\Exception\OpenShaarliPasswordException;
use Shaarli\Front\Exception\ShaarliFrontException;
use Shaarli\Render\TemplatePage;
use Slim\Http\Request;
use Slim\Http\Response;
use Throwable;
* Class PasswordController
* Slim controller used to handle passwords update.
class PasswordController extends ShaarliAdminController
public function __construct(ShaarliContainer $container)
t('Change password') . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
* GET /admin/password - Displays the change password template
public function index(Request $request, Response $response): Response
return $response->write($this->render(TemplatePage::CHANGE_PASSWORD));
* POST /admin/password - Change admin password - existing and new passwords need to be provided.
public function change(Request $request, Response $response): Response
if ($this->container->conf->get('security.open_shaarli', false)) {
throw new OpenShaarliPasswordException();
$oldPassword = $request->getParam('oldpassword');
$newPassword = $request->getParam('setpassword');
if (empty($newPassword) || empty($oldPassword)) {
$this->saveErrorMessage(t('You must provide the current and new password to change it.'));
return $response
// Make sure old password is correct.
$oldHash = sha1(
$oldPassword .
$this->container->conf->get('credentials.login') .
if ($oldHash !== $this->container->conf->get('credentials.hash')) {
$this->saveErrorMessage(t('The old password is not correct.'));
return $response
// Save new password
// Salt renders rainbow-tables attacks useless.
$this->container->conf->set('credentials.salt', sha1(uniqid('', true) . '_' . mt_rand()));
. $this->container->conf->get('credentials.login')
. $this->container->conf->get('credentials.salt')
try {
} catch (Throwable $e) {
throw new ShaarliFrontException($e->getMessage(), 500, $e);
$this->saveSuccessMessage(t('Your password has been changed'));
return $response->write($this->render(TemplatePage::CHANGE_PASSWORD));

namespace Shaarli\Front\Controller\Admin;
use Exception;
use Shaarli\Render\TemplatePage;
use Slim\Http\Request;
use Slim\Http\Response;
* Class PluginsController
* Slim controller used to handle Shaarli plugins configuration page (display + save new config).
class PluginsController extends ShaarliAdminController
* GET /admin/plugins - Displays the configuration page
public function index(Request $request, Response $response): Response
$pluginMeta = $this->container->pluginManager->getPluginsMeta();
// Split plugins into 2 arrays: ordered enabled plugins and disabled.
$enabledPlugins = array_filter($pluginMeta, function ($v) {
return ($v['order'] ?? false) !== false;
$enabledPlugins = load_plugin_parameter_values($enabledPlugins, $this->container->conf->get('plugins', []));
function ($a, $b) {
return $a['order'] - $b['order'];
$disabledPlugins = array_filter($pluginMeta, function ($v) {
return ($v['order'] ?? false) === false;
$this->assignView('enabledPlugins', $enabledPlugins);
$this->assignView('disabledPlugins', $disabledPlugins);
t('Plugin Administration') . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
return $response->write($this->render(TemplatePage::PLUGINS_ADMIN));
* POST /admin/plugins - Update Shaarli's configuration
public function save(Request $request, Response $response): Response
try {
$parameters = $request->getParams() ?? [];
$this->executePageHooks('save_plugin_parameters', $parameters);
if (isset($parameters['parameters_form'])) {
foreach ($parameters as $param => $value) {
$this->container->conf->set('plugins.' . $param, escape($value));
} else {
$this->container->conf->set('general.enabled_plugins', save_plugin_config($parameters));
$this->saveSuccessMessage(t('Setting successfully saved.'));
} catch (Exception $e) {
t('Error while saving plugin configuration: ') . PHP_EOL . $e->getMessage()
return $this->redirect($response, '/admin/plugins');

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Helper\ApplicationUtils;
use Shaarli\Helper\FileUtils;
use Slim\Http\Request;
use Slim\Http\Response;
* Slim controller used to handle Server administration page, and actions.
class ServerController extends ShaarliAdminController
/** @var string Cache type - main - by default pagecache/ and tmp/ */
protected const CACHE_MAIN = 'main';
/** @var string Cache type - thumbnails - by default cache/ */
protected const CACHE_THUMB = 'thumbnails';
* GET /admin/server - Display page Server administration
public function index(Request $request, Response $response): Response
$releaseUrl = ApplicationUtils::$GITHUB_URL . '/releases/';
if ($this->container->conf->get('updates.check_updates', true)) {
$latestVersion = 'v' . ApplicationUtils::getVersion(
ApplicationUtils::$GIT_RAW_URL . '/release/' . ApplicationUtils::$VERSION_FILE
$releaseUrl .= 'tag/' . $latestVersion;
} else {
$latestVersion = t('Check disabled');
$currentVersion = ApplicationUtils::getVersion('./shaarli_version.php');
$currentVersion = $currentVersion === 'dev' ? $currentVersion : 'v' . $currentVersion;
$phpEol = new \DateTimeImmutable(ApplicationUtils::getPhpEol(PHP_VERSION));
$permissions = array_merge(
$this->assignView('php_version', PHP_VERSION);
$this->assignView('php_eol', format_date($phpEol, false));
$this->assignView('php_has_reached_eol', $phpEol < new \DateTimeImmutable());
$this->assignView('php_extensions', ApplicationUtils::getPhpExtensionsRequirement());
$this->assignView('permissions', $permissions);
$this->assignView('release_url', $releaseUrl);
$this->assignView('latest_version', $latestVersion);
$this->assignView('current_version', $currentVersion);
$this->assignView('thumbnails_mode', $this->container->conf->get('thumbnails.mode'));
$this->assignView('index_url', index_url($this->container->environment));
$this->assignView('client_ip', client_ip_id($this->container->environment));
$this->assignView('trusted_proxies', $this->container->conf->get('security.trusted_proxies', []));
t('Server administration') . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
return $response->write($this->render('server'));
* GET /admin/clear-cache?type={$type} - Action to trigger cache folder clearing (either main or thumbnails).
public function clearCache(Request $request, Response $response): Response
$exclude = ['.htaccess'];
if ($request->getQueryParam('type') === static::CACHE_THUMB) {
$folders = [$this->container->conf->get('resource.thumbnails_cache')];
t('Thumbnails cache has been cleared.') . ' ' .
'<a href="' . $this->container->basePath . '/admin/thumbnails">' .
t('Please synchronize them.') .
} else {
$folders = [
$this->saveSuccessMessage(t('Shaarli\'s cache folder has been cleared!'));
// Make sure that we don't delete root cache folder
$folders = array_map('realpath', array_values(array_filter(array_map('trim', $folders))));
foreach ($folders as $folder) {
FileUtils::clearFolder($folder, false, $exclude);
return $this->redirect($response, '/admin/server');

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Bookmark\BookmarkFilter;
use Shaarli\Security\SessionManager;
use Slim\Http\Request;
use Slim\Http\Response;
* Class SessionFilterController
* Slim controller used to handle filters stored in the user session, such as visibility, etc.
class SessionFilterController extends ShaarliAdminController
* GET /admin/visibility: allows to display only public or only private bookmarks in linklist
public function visibility(Request $request, Response $response, array $args): Response
if (false === $this->container->loginManager->isLoggedIn()) {
return $this->redirectFromReferer($request, $response, ['visibility']);
$newVisibility = $args['visibility'] ?? null;
if (false === in_array($newVisibility, [BookmarkFilter::$PRIVATE, BookmarkFilter::$PUBLIC], true)) {
$newVisibility = null;
$currentVisibility = $this->container->sessionManager->getSessionParameter(SessionManager::KEY_VISIBILITY);
// Visibility not set or not already expected value, set expected value, otherwise reset it
if ($newVisibility !== null && (null === $currentVisibility || $currentVisibility !== $newVisibility)) {
// See only public bookmarks
} else {
return $this->redirectFromReferer($request, $response, ['visibility']);

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Formatter\BookmarkMarkdownFormatter;
use Shaarli\Render\TemplatePage;
use Slim\Http\Request;
use Slim\Http\Response;
class ShaareAddController extends ShaarliAdminController
* GET /admin/add-shaare - Displays the form used to create a new bookmark from an URL
public function addShaare(Request $request, Response $response): Response
$tags = $this->container->bookmarkService->bookmarksCountPerTag();
if ($this->container->conf->get('formatter') === 'markdown') {
$tags[BookmarkMarkdownFormatter::NO_MD_TAG] = 1;
t('Shaare a new link') . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
$this->assignView('tags', $tags);
$this->assignView('default_private_links', $this->container->conf->get('privacy.default_private_links', false));
$this->assignView('async_metadata', $this->container->conf->get('general.enable_async_metadata', true));
return $response->write($this->render(TemplatePage::ADDLINK));

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
use Slim\Http\Request;
use Slim\Http\Response;
* Class PostBookmarkController
* Slim controller used to handle Shaarli create or edit bookmarks.
class ShaareManageController extends ShaarliAdminController
* GET /admin/shaare/delete - Delete one or multiple bookmarks (depending on `id` query parameter).
public function deleteBookmark(Request $request, Response $response): Response
$ids = escape(trim($request->getParam('id') ?? ''));
if (empty($ids) || strpos($ids, ' ') !== false) {
// multiple, space-separated ids provided
$ids = array_values(array_filter(preg_split('/\s+/', $ids), 'ctype_digit'));
} else {
$ids = [$ids];
// assert at least one id is given
if (0 === count($ids)) {
$this->saveErrorMessage(t('Invalid bookmark ID provided.'));
return $this->redirectFromReferer($request, $response, [], ['delete-shaare']);
$formatter = $this->container->formatterFactory->getFormatter('raw');
$count = 0;
foreach ($ids as $id) {
try {
$bookmark = $this->container->bookmarkService->get((int) $id);
} catch (BookmarkNotFoundException $e) {
t('Bookmark with identifier %s could not be found.'),
$data = $formatter->format($bookmark);
$this->executePageHooks('delete_link', $data);
$this->container->bookmarkService->remove($bookmark, false);
if ($count > 0) {
// If we are called from the bookmarklet, we must close the popup:
if ($request->getParam('source') === 'bookmarklet') {
return $response->write('<script>self.close();</script>');
if ($request->getParam('source') === 'batch') {
return $response->withStatus(204);
// Don't redirect to permalink after deletion.
return $this->redirectFromReferer($request, $response, ['shaare/']);
* GET /admin/shaare/visibility
* Change visibility (public/private) of one or multiple bookmarks (depending on `id` query parameter).
public function changeVisibility(Request $request, Response $response): Response
$ids = trim(escape($request->getParam('id') ?? ''));
if (empty($ids) || strpos($ids, ' ') !== false) {
// multiple, space-separated ids provided
$ids = array_values(array_filter(preg_split('/\s+/', $ids), 'ctype_digit'));
} else {
// only a single id provided
$ids = [$ids];
// assert at least one id is given
if (0 === count($ids)) {
$this->saveErrorMessage(t('Invalid bookmark ID provided.'));
return $this->redirectFromReferer($request, $response, [], ['change_visibility']);
// assert that the visibility is valid
$visibility = $request->getParam('newVisibility');
if (null === $visibility || false === in_array($visibility, ['public', 'private'], true)) {
$this->saveErrorMessage(t('Invalid visibility provided.'));
return $this->redirectFromReferer($request, $response, [], ['change_visibility']);
} else {
$isPrivate = $visibility === 'private';
$formatter = $this->container->formatterFactory->getFormatter('raw');
$count = 0;
foreach ($ids as $id) {
try {
$bookmark = $this->container->bookmarkService->get((int) $id);
} catch (BookmarkNotFoundException $e) {
t('Bookmark with identifier %s could not be found.'),
// To preserve backward compatibility with 3rd parties, plugins still use arrays
$data = $formatter->format($bookmark);
$this->executePageHooks('save_link', $data);
$bookmark->fromArray($data, $this->container->conf->get('general.tags_separator', ' '));
$this->container->bookmarkService->set($bookmark, false);
if ($count > 0) {
return $this->redirectFromReferer($request, $response, ['/visibility'], ['change_visibility']);
* GET /admin/shaare/{id}/pin - Pin or unpin a bookmark.
public function pinBookmark(Request $request, Response $response, array $args): Response
$id = $args['id'] ?? '';
try {
if (false === ctype_digit($id)) {
throw new BookmarkNotFoundException();
$bookmark = $this->container->bookmarkService->get((int) $id); // Read database
} catch (BookmarkNotFoundException $e) {
t('Bookmark with identifier %s could not be found.'),
return $this->redirectFromReferer($request, $response, ['/pin'], ['pin']);
$formatter = $this->container->formatterFactory->getFormatter('raw');
// To preserve backward compatibility with 3rd parties, plugins still use arrays
$data = $formatter->format($bookmark);
$this->executePageHooks('save_link', $data);
$bookmark->fromArray($data, $this->container->conf->get('general.tags_separator', ' '));
return $this->redirectFromReferer($request, $response, ['/pin'], ['pin']);
* GET /admin/shaare/private/{hash} - Attach a private key to given bookmark, then redirect to the sharing URL.
public function sharePrivate(Request $request, Response $response, array $args): Response
$hash = $args['hash'] ?? '';
$bookmark = $this->container->bookmarkService->findByHash($hash);
if ($bookmark->isPrivate() !== true) {
return $this->redirect($response, '/shaare/' . $hash);
if (empty($bookmark->getAdditionalContentEntry('private_key'))) {
$privateKey = bin2hex(random_bytes(16));
$bookmark->setAdditionalContentEntry('private_key', $privateKey);
return $this->redirect(
'/shaare/' . $hash . '?key=' . $bookmark->getAdditionalContentEntry('private_key')
* POST /admin/shaare/update-tags
* Bulk add or delete a tags on one or multiple bookmarks.
public function addOrDeleteTags(Request $request, Response $response): Response
$ids = trim(escape($request->getParam('id') ?? ''));
if (empty($ids) || strpos($ids, ' ') !== false) {
// multiple, space-separated ids provided
$ids = array_values(array_filter(preg_split('/\s+/', $ids), 'ctype_digit'));
} else {
// only a single id provided
$ids = [$ids];
// assert at least one id is given
if (0 === count($ids)) {
$this->saveErrorMessage(t('Invalid bookmark ID provided.'));
return $this->redirectFromReferer($request, $response, ['/updateTag'], []);
// assert that the action is valid
$action = $request->getParam('action');
if (!in_array($action, ['add', 'delete'], true)) {
$this->saveErrorMessage(t('Invalid action provided.'));
return $this->redirectFromReferer($request, $response, ['/updateTag'], []);
// assert that the tag name is valid
$tagString = trim($request->getParam('tag'));
if (empty($tagString)) {
$this->saveErrorMessage(t('Invalid tag name provided.'));
return $this->redirectFromReferer($request, $response, ['/updateTag'], []);
$tags = tags_str2array($tagString, $this->container->conf->get('general.tags_separator', ' '));
$formatter = $this->container->formatterFactory->getFormatter('raw');
$count = 0;
foreach ($ids as $id) {
try {
$bookmark = $this->container->bookmarkService->get((int) $id);
} catch (BookmarkNotFoundException $e) {
t('Bookmark with identifier %s could not be found.'),
foreach ($tags as $tag) {
if ($action === 'add') {
} else {
// To preserve backward compatibility with 3rd parties, plugins still use arrays
$data = $formatter->format($bookmark);
$this->executePageHooks('save_link', $data);
$bookmark->fromArray($data, $this->container->conf->get('general.tags_separator', ' '));
$this->container->bookmarkService->set($bookmark, false);
if ($count > 0) {
return $this->redirectFromReferer($request, $response, ['/updateTag'], []);

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Bookmark\Bookmark;
use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
use Shaarli\Formatter\BookmarkFormatter;
use Shaarli\Formatter\BookmarkMarkdownFormatter;
use Shaarli\Render\TemplatePage;
use Shaarli\Thumbnailer;
use Slim\Http\Request;
use Slim\Http\Response;
class ShaarePublishController extends ShaarliAdminController
* @var BookmarkFormatter[] Statically cached instances of formatters
protected $formatters = [];
* @var array Statically cached bookmark's tags counts
protected $tags;
* GET /admin/shaare - Displays the bookmark form for creation.
* Note that if the URL is found in existing bookmarks, then it will be in edit mode.
public function displayCreateForm(Request $request, Response $response): Response
$url = cleanup_url($request->getParam('post'));
$link = $this->buildLinkDataFromUrl($request, $url);
return $this->displayForm($link, $link['linkIsNew'], $request, $response);
* POST /admin/shaare-batch - Displays multiple creation/edit forms from bulk add in add-link page.
public function displayCreateBatchForms(Request $request, Response $response): Response
$urls = array_map('cleanup_url', explode(PHP_EOL, $request->getParam('urls')));
$links = [];
foreach ($urls as $url) {
if (empty($url)) {
$link = $this->buildLinkDataFromUrl($request, $url);
$data = $this->buildFormData($link, $link['linkIsNew'], $request);
$data['token'] = $this->container->sessionManager->generateToken();
$data['source'] = 'batch';
$this->executePageHooks('render_editlink', $data, TemplatePage::EDIT_LINK);
$links[] = $data;
$this->assignView('links', $links);
$this->assignView('batch_mode', true);
$this->assignView('async_metadata', $this->container->conf->get('general.enable_async_metadata', true));
return $response->write($this->render(TemplatePage::EDIT_LINK_BATCH));
* GET /admin/shaare/{id} - Displays the bookmark form in edition mode.
public function displayEditForm(Request $request, Response $response, array $args): Response
$id = $args['id'] ?? '';
try {
if (false === ctype_digit($id)) {
throw new BookmarkNotFoundException();
$bookmark = $this->container->bookmarkService->get((int) $id); // Read database
} catch (BookmarkNotFoundException $e) {
t('Bookmark with identifier %s could not be found.'),
return $this->redirect($response, '/');
$formatter = $this->getFormatter('raw');
$link = $formatter->format($bookmark);
return $this->displayForm($link, false, $request, $response);
* POST /admin/shaare
public function save(Request $request, Response $response): Response
// lf_id should only be present if the link exists.
$id = $request->getParam('lf_id') !== null ? intval(escape($request->getParam('lf_id'))) : null;
if (null !== $id && true === $this->container->bookmarkService->exists($id)) {
// Edit
$bookmark = $this->container->bookmarkService->get($id);
} else {
// New link
$bookmark = new Bookmark();
$bookmark->setUrl($request->getParam('lf_url'), $this->container->conf->get('security.allowed_protocols', []));
$bookmark->setPrivate(filter_var($request->getParam('lf_private'), FILTER_VALIDATE_BOOLEAN));
$this->container->conf->get('general.tags_separator', ' ')
if (
$this->container->conf->get('thumbnails.mode', Thumbnailer::MODE_NONE) !== Thumbnailer::MODE_NONE
&& true !== $this->container->conf->get('general.enable_async_metadata', true)
&& $bookmark->shouldUpdateThumbnail()
) {
$this->container->bookmarkService->addOrSet($bookmark, false);
// To preserve backward compatibility with 3rd parties, plugins still use arrays
$formatter = $this->getFormatter('raw');
$data = $formatter->format($bookmark);
$this->executePageHooks('save_link', $data);
$bookmark->fromArray($data, $this->container->conf->get('general.tags_separator', ' '));
// If we are called from the bookmarklet, we must close the popup:
if ($request->getParam('source') === 'bookmarklet') {
return $response->write('<script>self.close();</script>');
} elseif ($request->getParam('source') === 'batch') {
return $response;
if (!empty($request->getParam('returnurl'))) {
$this->container->environment['HTTP_REFERER'] = $request->getParam('returnurl');
return $this->redirectFromReferer(
['/admin/add-shaare', '/admin/shaare'],
['addlink', 'post', 'edit_link'],
* Helper function used to display the shaare form whether it's a new or existing bookmark.
* @param array $link data used in template, either from parameters or from the data store
protected function displayForm(array $link, bool $isNew, Request $request, Response $response): Response
$data = $this->buildFormData($link, $isNew, $request);
$this->executePageHooks('render_editlink', $data, TemplatePage::EDIT_LINK);
foreach ($data as $key => $value) {
$this->assignView($key, $value);
$editLabel = false === $isNew ? t('Edit') . ' ' : '';
$editLabel . t('Shaare') . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
return $response->write($this->render(TemplatePage::EDIT_LINK));
protected function buildLinkDataFromUrl(Request $request, string $url): array
// Check if URL is not already in database (in this case, we will edit the existing link)
$bookmark = $this->container->bookmarkService->findByUrl($url);
if (null === $bookmark) {
// Get shaare data if it was provided in URL (e.g.: by the bookmarklet).
$title = $request->getParam('title');
$description = $request->getParam('description');
$tags = $request->getParam('tags');
if ($request->getParam('private') !== null) {
$private = filter_var($request->getParam('private'), FILTER_VALIDATE_BOOLEAN);
} else {
$private = $this->container->conf->get('privacy.default_private_links', false);
// If this is an HTTP(S) link, we try go get the page to extract
// the title (otherwise we will to straight to the edit form.)
if (
true !== $this->container->conf->get('general.enable_async_metadata', true)
&& empty($title)
&& strpos(get_url_scheme($url) ?: '', 'http') !== false
) {
$metadata = $this->container->metadataRetriever->retrieve($url);
if (empty($url)) {
$metadata['title'] = $this->container->conf->get('general.default_note_title', t('Note: '));
return [
'title' => $title ?? $metadata['title'] ?? '',
'url' => $url ?? '',
'description' => $description ?? $metadata['description'] ?? '',
'tags' => $tags ?? $metadata['tags'] ?? '',
'private' => $private,
'linkIsNew' => true,
$formatter = $this->getFormatter('raw');
$link = $formatter->format($bookmark);
$link['linkIsNew'] = false;
return $link;
protected function buildFormData(array $link, bool $isNew, Request $request): array
$link['tags'] = $link['tags'] !== null && strlen($link['tags']) > 0
? $link['tags'] . $this->container->conf->get('general.tags_separator', ' ')
: $link['tags']
return escape([
'link' => $link,
'link_is_new' => $isNew,
'http_referer' => $this->container->environment['HTTP_REFERER'] ?? '',
'source' => $request->getParam('source') ?? '',
'tags' => $this->getTags(),
'default_private_links' => $this->container->conf->get('privacy.default_private_links', false),
'async_metadata' => $this->container->conf->get('general.enable_async_metadata', true),
'retrieve_description' => $this->container->conf->get('general.retrieve_description', false),
* Memoize formatterFactory->getFormatter() calls.
protected function getFormatter(string $type): BookmarkFormatter
if (!array_key_exists($type, $this->formatters) || $this->formatters[$type] === null) {
$this->formatters[$type] = $this->container->formatterFactory->getFormatter($type);
return $this->formatters[$type];
* Memoize bookmarkService->bookmarksCountPerTag() calls.
protected function getTags(): array
if ($this->tags === null) {
$this->tags = $this->container->bookmarkService->bookmarksCountPerTag();
if ($this->container->conf->get('formatter') === 'markdown') {
$this->tags[BookmarkMarkdownFormatter::NO_MD_TAG] = 1;
return $this->tags;

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Front\Controller\Visitor\ShaarliVisitorController;
use Shaarli\Front\Exception\WrongTokenException;
use Shaarli\Security\SessionManager;
use Slim\Http\Request;
* Class ShaarliAdminController
* All admin controllers (for logged in users) MUST extend this abstract class.
* It makes sure that the user is properly logged in, and otherwise throw an exception
* which will redirect to the login page.
* @package Shaarli\Front\Controller\Admin
abstract class ShaarliAdminController extends ShaarliVisitorController
* Any persistent action to the config or data store must check the XSRF token validity.
protected function checkToken(Request $request): bool
if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
throw new WrongTokenException();
return true;
* Save a SUCCESS message in user session, which will be displayed on any template page.
protected function saveSuccessMessage(string $message): void
$this->saveMessage(SessionManager::KEY_SUCCESS_MESSAGES, $message);
* Save a WARNING message in user session, which will be displayed on any template page.
protected function saveWarningMessage(string $message): void
$this->saveMessage(SessionManager::KEY_WARNING_MESSAGES, $message);
* Save an ERROR message in user session, which will be displayed on any template page.
protected function saveErrorMessage(string $message): void
$this->saveMessage(SessionManager::KEY_ERROR_MESSAGES, $message);
* Use the sessionManager to save the provided message using the proper type.
* @param string $type successes/warnings/errors
protected function saveMessage(string $type, string $message): void
$messages = $this->container->sessionManager->getSessionParameter($type) ?? [];
$messages[] = $message;
$this->container->sessionManager->setSessionParameter($type, $messages);

namespace Shaarli\Front\Controller\Admin;
use Shaarli\Bookmark\Exception\BookmarkNotFoundException;
use Shaarli\Render\TemplatePage;
use Slim\Http\Request;
use Slim\Http\Response;
* Class ToolsController
* Slim controller used to handle thumbnails update.
class ThumbnailsController extends ShaarliAdminController
* GET /admin/thumbnails - Display thumbnails update page
public function index(Request $request, Response $response): Response
$ids = [];
foreach ($this->container->bookmarkService->search()->getBookmarks() as $bookmark) {
// A note or not HTTP(S)
if ($bookmark->isNote() || !startsWith(strtolower($bookmark->getUrl()), 'http')) {
$ids[] = $bookmark->getId();
$this->assignView('ids', $ids);
t('Thumbnails update') . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
return $response->write($this->render(TemplatePage::THUMBNAILS));
* PATCH /admin/shaare/{id}/thumbnail-update - Route for AJAX calls
public function ajaxUpdate(Request $request, Response $response, array $args): Response
$id = $args['id'] ?? '';
if (false === ctype_digit($id)) {
return $response->withStatus(400);
try {
$bookmark = $this->container->bookmarkService->get((int) $id);
} catch (BookmarkNotFoundException $e) {
return $response->withStatus(404);
return $response->withJson($this->container->formatterFactory->getFormatter('raw')->format($bookmark));

Some files were not shown because too many files have changed in this diff Show more