diff --git a/inc/config.php b/inc/config.php index 58abb53..c4898cc 100644 --- a/inc/config.php +++ b/inc/config.php @@ -58,7 +58,7 @@ $store = new $storage_type(); # installation if(!$store->isInstalled()) { - pocheTool::logm('poche still not installed'); + pocheTools::logm('poche still not installed'); echo $twig->render('install.twig', array( 'token' => Session::getToken(), )); @@ -68,7 +68,7 @@ if(!$store->isInstalled()) # let's rock, install poche baby ! $store->install($_POST['login'], encode_string($_POST['password'] . $_POST['login'])); Session::logout(); - pocheTool::redirect(); + pocheTools::redirect(); } } exit(); diff --git a/inc/poche/pocheCore.php b/inc/poche/pocheCore.php index 34c15d8..e68696a 100644 --- a/inc/poche/pocheCore.php +++ b/inc/poche/pocheCore.php @@ -93,8 +93,8 @@ function get_external_file($url) function fetch_url_content($url) { $url = base64_decode($url); - if (pocheTool::isUrl($url)) { - $url = pocheTool::cleanURL($url); + if (pocheTools::isUrl($url)) { + $url = pocheTools::cleanURL($url); $html = Encoding::toUTF8(get_external_file($url)); # if get_external_file if not able to retrieve HTTPS content, try the same URL with HTTP protocol @@ -128,7 +128,7 @@ function fetch_url_content($url) } else { #$msg->add('e', _('error during url preparation : the link is not valid')); - pocheTool::logm($url . ' is not a valid url'); + pocheTools::logm($url . ' is not a valid url'); } return FALSE; 
@@ -141,16 +141,16 @@ function display_view($view, $id = 0, $full_head = 'yes') switch ($view) { case 'install': - pocheTool::logm('install mode'); + pocheTools::logm('install mode'); break; case 'import'; - pocheTool::logm('import mode'); + pocheTools::logm('import mode'); break; case 'export': $entries = $store->retrieveAll(); - $tpl->assign('export', pocheTool::renderJson($entries)); + $tpl->assign('export', pocheTools::renderJson($entries)); $tpl->draw('export'); - pocheTool::logm('export view'); + pocheTools::logm('export view'); break; case 'config': $tpl->assign('load_all_js', 0); @@ -159,12 +159,12 @@ function display_view($view, $id = 0, $full_head = 'yes') $tpl->draw('config'); $tpl->draw('js'); $tpl->draw('footer'); - pocheTool::logm('config view'); + pocheTools::logm('config view'); break; case 'view': $entry = $store->retrieveOneById($id); if ($entry != NULL) { - pocheTool::logm('view link #' . $id); + pocheTools::logm('view link #' . $id); $tpl->assign('id', $entry['id']); $tpl->assign('url', $entry['url']); $tpl->assign('title', $entry['title']); @@ -181,7 +181,7 @@ function display_view($view, $id = 0, $full_head = 'yes') $tpl->draw('view'); } else { - pocheTool::logm('error in view call : entry is NULL'); + pocheTools::logm('error in view call : entry is NULL'); } break; default: # home view @@ -215,7 +215,7 @@ function action_to_do($action, $url, $id = 0) case 'add': if($parametres_url = fetch_url_content($url)) { if ($store->add($url, $parametres_url['title'], $parametres_url['content'])) { - pocheTool::logm('add link ' . $url); + pocheTools::logm('add link ' . $url); $last_id = $store->getLastId(); if (DOWNLOAD_PICTURES) { $content = filtre_picture($parametres_url['content'], $url, $last_id); 
@@ -224,12 +224,12 @@ function action_to_do($action, $url, $id = 0) } else { #$msg->add('e', _('error during insertion : the link wasn\'t added')); - pocheTool::logm('error during insertion : the link wasn\'t added'); + pocheTools::logm('error during insertion : the link wasn\'t added'); } } else { #$msg->add('e', _('error during url preparation : the link wasn\'t added')); - pocheTool::logm('error during content fetch'); + pocheTools::logm('error during content fetch'); } break; case 'delete': @@ -238,20 +238,20 @@ function action_to_do($action, $url, $id = 0) remove_directory(ABS_PATH . $id); } #$msg->add('s', _('the link has been deleted successfully')); - pocheTool::logm('delete link #' . $id); + pocheTools::logm('delete link #' . $id); } else { #$msg->add('e', _('the link wasn\'t deleted')); - pocheTool::logm('error : can\'t delete link #' . $id); + pocheTools::logm('error : can\'t delete link #' . $id); } break; case 'toggle_fav' : $store->favoriteById($id); - pocheTool::logm('mark as favorite link #' . $id); + pocheTools::logm('mark as favorite link #' . $id); break; case 'toggle_archive' : $store->archiveById($id); - pocheTool::logm('archive link #' . $id); + pocheTools::logm('archive link #' . $id); break; default: break; diff --git a/inc/poche/pocheTool.class.php b/inc/poche/pocheTool.class.php new file mode 100644 index 0000000..8907c18 --- /dev/null +++ b/inc/poche/pocheTool.class.php 
@@ -0,0 +1,126 @@ + + * @copyright 2013 + * @license http://www.wtfpl.net/ see COPYING file + */ + +class pocheTools +{ + public static function initPhp() + { + define('START_TIME', microtime(true)); + + if (phpversion() < 5) { + die(_('Oops, it seems you don\'t have PHP 5.')); + } + + error_reporting(E_ALL); + + function stripslashesDeep($value) { + return is_array($value) + ? array_map('stripslashesDeep', $value) + : stripslashes($value); + } + + if (get_magic_quotes_gpc()) { + $_POST = array_map('stripslashesDeep', $_POST); + $_GET = array_map('stripslashesDeep', $_GET); + $_COOKIE = array_map('stripslashesDeep', $_COOKIE); + } + + ob_start(); + register_shutdown_function('ob_end_flush'); + } + + public static function isUrl($url) + { + $pattern = '|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i'; + + return preg_match($pattern, $url); + } + + public static function getUrl() + { + $https = (!empty($_SERVER['HTTPS']) + && (strtolower($_SERVER['HTTPS']) == 'on')) + || (isset($_SERVER["SERVER_PORT"]) + && $_SERVER["SERVER_PORT"] == '443'); // HTTPS detection. + $serverport = (!isset($_SERVER["SERVER_PORT"]) + || $_SERVER["SERVER_PORT"] == '80' + || ($https && $_SERVER["SERVER_PORT"] == '443') + ? '' : ':' . $_SERVER["SERVER_PORT"]); + + $scriptname = str_replace('/index.php', '/', $_SERVER["SCRIPT_NAME"]); + + if (!isset($_SERVER["SERVER_NAME"])) { + return $scriptname; + } + + return 'http' . ($https ? 's' : '') . '://' + . $_SERVER["SERVER_NAME"] . $serverport . 
$scriptname; + } + + public static function redirect($url = '') + { + if ($url === '') { + $url = (empty($_SERVER['HTTP_REFERER'])?'?':$_SERVER['HTTP_REFERER']); + if (isset($_POST['returnurl'])) { + $url = $_POST['returnurl']; + } + } + + # prevent loop + if (empty($url) || parse_url($url, PHP_URL_QUERY) === $_SERVER['QUERY_STRING']) { + $url = pocheTool::getUrl(); + } + + if (substr($url, 0, 1) !== '?') { + $ref = pocheTool::getUrl(); + if (substr($url, 0, strlen($ref)) !== $ref) { + $url = $ref; + } + } + header('Location: '.$url); + exit(); + } + + public static function cleanURL($url) + { + + $url = html_entity_decode(trim($url)); + + $stuff = strpos($url,'&utm_source='); + if ($stuff !== FALSE) + $url = substr($url, 0, $stuff); + $stuff = strpos($url,'?utm_source='); + if ($stuff !== FALSE) + $url = substr($url, 0, $stuff); + $stuff = strpos($url,'#xtor=RSS-'); + if ($stuff !== FALSE) + $url = substr($url, 0, $stuff); + + return $url; + } + + public static function renderJson($data) + { + header('Cache-Control: no-cache, must-revalidate'); + header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); + header('Content-type: application/json; charset=UTF-8'); + + echo json_encode($data); + exit(); + } + + public static function logm($message) + { + if (DEBUG_POCHE) { + $t = strval(date('Y/m/d_H:i:s')) . ' - ' . $_SERVER["REMOTE_ADDR"] . ' - ' . strval($message) . "\n"; + file_put_contents('./log.txt', $t, FILE_APPEND); + } + } +} \ No newline at end of file diff --git a/inc/poche/pocheTools.class.php b/inc/poche/pocheTools.class.php index 8907c18..08c9dc8 100644 --- a/inc/poche/pocheTools.class.php +++ b/inc/poche/pocheTools.class.php 
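Review bot: The added `inc/poche/pocheTool.class.php` looks like a stale copy that should not be in this commit: its blob id `8907c18` is the pre-image of `inc/poche/pocheTools.class.php` in the next file section, it declares `class pocheTools` a second time, and its `redirect()` still calls `pocheTool::getUrl()`, which no longer exists after the rename. If nothing includes the file, dropping it avoids a duplicate-class fatal error the day something does; the include list is not visible in this diff, so that needs checking. The same code lives on in `pocheTools.class.php`, and two points there deserve a follow-up. In `isUrl()` the `.` in `(.[a-z0-9-]+)*` is unescaped and matches any character, so the host check is looser than it reads; `(\.[a-z0-9-]+)*` is presumably what was meant. `logm()` appends `strval($message)` to `./log.txt` unfiltered while callers pass request-derived values such as `$url`, so embedded line breaks can forge log entries; applying `str_replace(array("\r", "\n"), ' ', strval($message))` before concatenation would keep one entry per line.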
@@ -75,11 +75,11 @@ class pocheTools # prevent loop if (empty($url) || parse_url($url, PHP_URL_QUERY) === $_SERVER['QUERY_STRING']) { - $url = pocheTool::getUrl(); + $url = pocheTools::getUrl(); } if (substr($url, 0, 1) !== '?') { - $ref = pocheTool::getUrl(); + $ref = pocheTools::getUrl(); if (substr($url, 0, strlen($ref)) !== $ref) { $url = $ref; } diff --git a/index.php b/index.php index 78daaaf..4962639 100644 --- a/index.php +++ b/index.php @@ -10,7 +10,7 @@ include dirname(__FILE__).'/inc/config.php'; -pocheTool::initPhp(); +pocheTools::initPhp(); # XSRF protection with token if (!empty($_POST)) { @@ -26,7 +26,7 @@ if (isset($_GET['login'])) { // Login if (!empty($_POST['login']) && !empty($_POST['password'])) { if (Session::login($_SESSION['login'], $_SESSION['pass'], $_POST['login'], encode_string($_POST['password'] . $_POST['login']))) { - pocheTool::logm('login successful'); + pocheTools::logm('login successful'); if (!empty($_POST['longlastingsession'])) { $_SESSION['longlastingsession'] = 31536000; $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession']; @@ -36,23 +36,23 @@ if (isset($_GET['login'])) { } session_regenerate_id(true); - pocheTool::redirect($referer); + pocheTools::redirect($referer); } - pocheTool::logm('login failed'); + pocheTools::logm('login failed'); die(_("Login failed !")); } else { - pocheTool::logm('login failed'); + pocheTools::logm('login failed'); } } elseif (isset($_GET['logout'])) { - pocheTool::logm('logout'); + pocheTools::logm('logout'); Session::logout(); - pocheTool::redirect(); + pocheTools::redirect(); } elseif (isset($_GET['config'])) { if (isset($_POST['password']) && isset($_POST['password_repeat'])) { if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") { - pocheTool::logm('password updated'); + pocheTools::logm('password updated'); if (!MODE_DEMO) { $store->updatePassword(encode_string($_POST['password'] . $_SESSION['login'])); #your password has been updated 
@@ -78,7 +78,7 @@ $tpl_vars = array( 'isLogged' => Session::isLogged(), 'referer' => $referer, 'view' => $view, - 'poche_url' => pocheTool::getUrl(), + 'poche_url' => pocheTools::getUrl(), 'demo' => MODE_DEMO, 'title' => _('poche, a read it later open source system'), );