Merge pull request #595 from wallabag/dev

wallabag 1.6.0

.gitignore

@@ -3,4 +3,5 @@ cache/*
 vendor
 composer.phar
 db/poche.sqlite
-inc/poche/config.inc.php
+inc/poche/config.inc.php
+inc/3rdparty/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/

TRANSLATION.md

@@ -0,0 +1,67 @@
+# How to manage translations of wallabag
+
+This guide will describe procedure of translation management of wallabag web application.
+
+All translation are made using [gettext](http://en.wikipedia.org/wiki/Gettext) system and tools. 
+
+You will need [Poedit](http://www.poedit.net/download.php) editor to update, edit and create your translation files comfortably. In general, you can handle translations also without it: all can be done using gettext tools and your favorite plain text editor only. This guide, however, describes editing with Poedit. If you want to use gettext only, pls refer to xgettext manual page to update po files from sources (see also how it is used by Poedit below) and use msgunfmt tool to compile .mo files manually.  
+
+You need to know, that translation phrases are stored in **".po"** files (for example: `locale/pl_PL.utf8/LC_MESSAGES/pl_PL.utf8.po`), which are then complied in **".mo"** files using **msgfmt** gettext tool or by Poedit, which will run msgfmt for you in background. 
+
+**It's assumed, that you have wallabag installed locally on your computer or on the server you have access to.**
+
+## To change existing translation you will need to do:
+
+### 1. Clear cache
+You can do this using **http://your-wallabag-host.com/?empty-cache** link (replace http://your-wallabag-host.com/ with real url of your wallabag application)
+
+OR
+
+from command line:
+go to root of your installation of wallabag project and run next command:
+
+`rm -rf ./cache/*`
+
+(this may require root privileges if you run, for example Apatche web server with mod_php)
+
+### 2. Generate php files from all twig templates
+Do this using next command:
+
+`php ./locale/tools/fillCache.php`
+
+OR
+
+from your browser: **http://your-wallabag-host.com/locale/tools/fillCache.php** (this may require removal of .htacces file in locale/ directory).
+
+### 3. Configure your Poedit
+Open Poedit editor, open Edit->Preferences. Go to "Parsers" tab, click on PHP and press "Edit" button. Make sure your "Parser command:" looks like
+
+`xgettext --no-location --force-po -o %o %C %K %F`
+
+Usualy it is required to add "--no-location" to default value. 
+
+### 4. Open .po file you want to edit in Poedit and change it's settings
+Open, for example `locale/pl_PL.utf8/LC_MESSAGES/pl_PL.utf8.po` file in your Poedit.
+
+Go to "Catalog"->"Settings..." menu. Go to "Path" tab and add path to wallabag installaion in your local file system. This step can't be ommited as you will not be able to update phrases otherwise.
+
+You can also check "project into" tab to be sure, that "Language" is set correctly (this will allow you to spell check your translation).
+
+### 5. Update opened .po file from sources
+Once you have set your path correctly, you are able to update phrases from sources. Press "Update catalog - synchronize it with sources" button or go to "Catalog"->"Update from sources" menu.
+
+As a result you will see confirmation popup with two tabs: "New strings" and "Obsolete strings". Pls review and accept changes (or press "Undo" if you see too many obsolete strings, as Poedit will remove them all - in this case please make sure all previous steps are performed w/o errors).
+
+### 6. Translate and save your .po file
+If you have any dificulties on this step, please consult with Poedit manual.
+Every time you save your .po file, Poedit will also comple appropriate .mo file by default (of course, if not disabled in preferences).
+
+So, you are almost done.
+
+### 7. Clear cache again
+This step may be required if your web server runs php scripts in name of, say, www user (i.e. Apache with mod_php, not cgi).
+
+
+##To create new translation 
+Please simple create appropriate directories in locale folder and perform all steps, described above. Instead of opening an existing file just create new one.
+

check_setup.php

@@ -13,16 +13,6 @@
     }
 }
 
-// Check PDO Sqlite
-if (! extension_loaded('pdo_sqlite')) {
-    die('PHP extension required: pdo_sqlite');
-}
-
-// Check ZIP
-if (! extension_loaded('zip')) {
-    die('PHP extension required: zip');
-}
-
 // Check if /cache is writeable
 if (! is_writable('cache')) {
     die('The directory "cache" must be writeable by your web server user');

inc/3rdparty/Session.class.php

@@ -31,9 +31,9 @@ class Session
     public static $sessionName = '';
     // If the user does not access any page within this time,
     // his/her session is considered expired (3600 sec. = 1 hour)
-    public static $inactivityTimeout = 86400;
+    public static $inactivityTimeout = 3600;
     // Extra timeout for long sessions (if enabled) (82800 sec. = 23 hours)
-    public static $longSessionTimeout = 31536000;
+    public static $longSessionTimeout = 7776000; // 7776000 = 90 days
     // If you get disconnected often or if your IP address changes often.
     // Let you disable session cookie hijacking protection
     public static $disableSessionProtection = false;
@@ -48,8 +48,13 @@ class Session
     /**
      * Initialize session
      */
-    public static function init()
+    public static function init($longlastingsession = false)
     {
+        //check if session name is correct
+        if ( (session_id() && !empty(self::$sessionName) && session_name()!=self::$sessionName) || $longlastingsession ) {
+            session_destroy();
+        }
+
         // Force cookie path (but do not change lifetime)
         $cookie = session_get_cookie_params();
         // Default cookie expiration and path.
@@ -61,12 +66,22 @@ public static function init()
         if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
             $ssl = true;
         }
-        session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['HTTP_HOST'], $ssl);
+
+        if ( $longlastingsession ) {
+            session_set_cookie_params(self::$longSessionTimeout, $cookiedir, null, $ssl, true);
+        }
+        else {
+            session_set_cookie_params(0, $cookiedir, null, $ssl, true);
+        }
+        //set server side valid session timeout
+        //WARNING! this may not work in shared session environment. See http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime about min value: it can be set in any application
+        ini_set('session.gc_maxlifetime', self::$longSessionTimeout);
+
         // Use cookies to store session.
         ini_set('session.use_cookies', 1);
         // Force cookies for session  (phpsessionID forbidden in URL)
         ini_set('session.use_only_cookies', 1);
-        if (!session_id()) {
+        if ( !session_id() ) {
             // Prevent php to use sessionID in URL if cookies are disabled.
             ini_set('session.use_trans_sid', false);
             if (!empty(self::$sessionName)) {
@@ -115,6 +130,9 @@ public static function login (
         if (self::banCanLogin()) {
             if ($login === $loginTest && $password === $passwordTest) {
                 self::banLoginOk();
+
+                self::init($longlastingsession);
+
                 // Generate unique random number to sign forms (HMAC)
                 $_SESSION['uid'] = sha1(uniqid('', true).'_'.mt_rand());
                 $_SESSION['ip'] = self::_allIPs();
@@ -135,6 +153,7 @@ public static function login (
             self::banLoginFailed();
         }
 
+        self::init();
         return false;
     }
 
@@ -143,7 +162,14 @@ public static function login (
      */
     public static function logout()
     {
-        unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
+        // unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['longlastingsession'], $_SESSION['poche_user']);
+
+        // Destruction du cookie (le code peut paraître complexe mais c'est pour être certain de reprendre les mêmes paramètres)
+        $args = array_merge(array(session_name(), ''), array_values(session_get_cookie_params()));
+        $args[2] = time() - 3600;
+        call_user_func_array('setcookie', $args);
+        // Suppression physique de la session
+        session_destroy();
     }
 
     /**
@@ -157,7 +183,7 @@ public static function isLogged()
             || (self::$disableSessionProtection === false
                 && $_SESSION['ip'] !== self::_allIPs())
             || time() >= $_SESSION['expires_on']) {
-            self::logout();
+            //self::logout();
 
             return false;
         }

inc/3rdparty/class.messages.php

@@ -59,6 +59,7 @@ public function __construct() {
 		$this->msgId = md5(uniqid());
 
 		// Create the session array if it doesnt already exist
+		settype($_SESSION, 'array');
 		if( !array_key_exists('flash_messages', $_SESSION) ) $_SESSION['flash_messages'] = array();
 
 	}
@@ -228,4 +229,4 @@ public function __destruct() {
 
 
 } // end class
-?>
+?>

inc/3rdparty/libraries/feedwriter/FeedItem.php

@@ -156,6 +156,7 @@ public function setLink($link)
 		if($this->version == RSS2 || $this->version == RSS1)
 		{
 			$this->setElement('link', $link);
+			$this->setElement('guid', $link);
 		}
 		else
 		{