
[BIG] Move admin pages

* Allow to change the URL to access admin pages (why not `/god/tools`?)
* No more `.php` at the end => design ;-)

@ovh What do you think? I put them in /includes/admin, but it doesn't matter,
we can change that.
LeoColomb committed Jan 4, 2014
1 parent fd58f80 commit 336a262a928ddcffdd98f7f08d7a9ac7fd774b52
File renamed without changes.
@@ -1,7 +1,7 @@
<?php
define( 'YOURLS_ADMIN', true );
define( 'YOURLS_AJAX', true );
require_once dirname( dirname( __FILE__ ) ) . '/includes/load-yourls.php';
require_once dirname( dirname( __FILE__ ) ) . '/load-yourls.php';
yourls_maybe_require_auth();
// This file will output a JSON string
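Review bot: the header of this relocated admin script (and of the other renamed pages that get the same one-line change) still boots YOURLS by itself with `require_once dirname( dirname( __FILE__ ) ) . '/load-yourls.php';`, so wherever the includes directory is served by the web server the page stays requestable by its real path under /includes/admin, whatever admin URL is configured. If the move is meant to make the admin area harder to find, add a guard at the top that exits unless the router loaded the file (for instance a constant the loader defines before its `require_once`), or document a web-server deny rule for that directory. `yourls_maybe_require_auth()` still gates the content, but only after the script has been reached.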
@@ -12,7 +12,7 @@
*/
define( 'YOURLS_ADMIN', true );
require_once dirname( dirname( __FILE__ ) ) . '/includes/load-yourls.php';
require_once dirname( dirname( __FILE__ ) ) . '/load-yourls.php';
yourls_maybe_require_auth();
// Variables
@@ -12,7 +12,7 @@
*/
define( 'YOURLS_ADMIN', true );
require_once dirname( dirname( __FILE__ ) ) . '/includes/load-yourls.php';
require_once dirname( dirname( __FILE__ ) ) . '/load-yourls.php';
yourls_maybe_require_auth();
// Handle plugin administration pages
@@ -1,6 +1,6 @@
<?php
define( 'YOURLS_ADMIN', true );
require_once dirname( dirname( __FILE__ ) ) . '/includes/load-yourls.php';
require_once dirname( dirname( __FILE__ ) ) . '/load-yourls.php';
yourls_maybe_require_auth();
// Handle activation/deactivation of theme
@@ -1,6 +1,6 @@
<?php
define( 'YOURLS_ADMIN', true );
require_once dirname( dirname( __FILE__ ) ) . '/includes/load-yourls.php';
require_once dirname( dirname( __FILE__ ) ) . '/load-yourls.php';
yourls_maybe_require_auth();
yourls_html_head( 'tools', yourls__( 'Cool YOURLS Tools' ) );
@@ -1,7 +1,7 @@
<?php
define( 'YOURLS_ADMIN', true );
define( 'YOURLS_UPGRADING', true );
require_once dirname( dirname( __FILE__ ) ) . '/includes/load-yourls.php';
require_once dirname( dirname( __FILE__ ) ) . '/load-yourls.php';
require_once YOURLS_INC . '/functions-upgrade.php';
require_once YOURLS_INC . '/functions-install.php';
yourls_maybe_require_auth();
@@ -73,7 +73,7 @@ function yourls_html_logo( $linked = true ) {
yourls_do_action( 'pre_html_logo' );
$logo = '<img class="yourls-logo-img" src="' . yourls_site_url( false, YOURLS_ASSETURL . '/img/yourls-logo.png' ) . '" alt="YOURLS" title="YOURLS"/>';
if ( $linked )
$logo = yourls_html_link( yourls_admin_url( 'index.php' ), $logo, 'YOURLS', false, false );
$logo = yourls_html_link( yourls_admin_url( 'index' ), $logo, 'YOURLS', false, false );
?>
<div class="yourls-logo">
<?php echo $logo; ?>
@@ -132,25 +132,25 @@ function yourls_html_menu( $current_page = null ) {
$admin_sublinks = array();
$admin_links['admin'] = array(
'url' => yourls_admin_url( 'index.php' ),
'url' => yourls_admin_url( 'index' ),
'title' => yourls__( 'Go to the admin interface' ),
'anchor' => yourls__( 'Interface' ),
'icon' => 'home'
);
if( ( yourls_is_admin() && yourls_is_public_or_logged() ) || defined( 'YOURLS_USER' ) ) {
$admin_links['tools'] = array(
'url' => yourls_admin_url( 'tools.php' ),
'url' => yourls_admin_url( 'tools' ),
'anchor' => yourls__( 'Tools' ),
'icon' => 'wrench'
);
$admin_links['plugins'] = array(
'url' => yourls_admin_url( 'plugins.php' ),
'url' => yourls_admin_url( 'plugins' ),
'anchor' => yourls__( 'Plugins' ),
'icon' => 'cogs'
);
$admin_links['themes'] = array(
'url' => yourls_admin_url( 'themes.php' ),
'url' => yourls_admin_url( 'themes' ),
'anchor' => yourls__( 'Themes' ),
'icon' => 'picture-o'
);
@@ -396,7 +396,7 @@ function yourls_html_search( $params = array() ) {
$_select_search = yourls_html_select( 'search_in', $_options, $search_in );
$_button = '<span class="input-group-btn">
<button type="submit" id="submit-sort" class="btn btn-primary">' . yourls__( 'Search' ) . '</button>
<button type="button" id="submit-clear-filter" class="btn btn-danger" onclick="window.parent.location.href = \'index.php\'">' . yourls__( 'Clear' ) . '</button>
<button type="button" id="submit-clear-filter" class="btn btn-danger" onclick="window.parent.location.href = \'index\'">' . yourls__( 'Clear' ) . '</button>
</span>';
// Second search control: order by
@@ -524,7 +524,7 @@ function yourls_list_plugin_admin_pages() {
$plugin_links = array();
foreach( (array)$ydb->plugin_pages as $plugin => $page ) {
$plugin_links[ $plugin ] = array(
'url' => yourls_admin_url( 'plugins.php?page='.$page['slug'] ),
'url' => yourls_admin_url( 'plugins?page='.$page['slug'] ),
'anchor' => $page['title'],
);
}
@@ -27,7 +27,7 @@ function yourls_upgrade( $step, $oldver, $newver, $oldsql, $newsql ) {
if( $oldsql < 482 )
yourls_upgrade_482();
yourls_redirect_javascript( yourls_admin_url( "upgrade.php?step=3" ) );
yourls_redirect_javascript( yourls_admin_url( "upgrade?step=3" ) );
break;
@@ -143,7 +143,7 @@ function yourls_upgrade_to_14( $step ) {
$create = yourls_create_htaccess(); // returns bool
if ( !$create )
echo "<p class='warning'>Please create your <code>.htaccess</code> file (I could not do it for you). Please refer to <a href='http://yourls.org/htaccess'>http://yourls.org/htaccess</a>.";
yourls_redirect_javascript( yourls_admin_url( "upgrade.php?step=2&oldver=1.3&newver=1.4&oldsql=100&newsql=200" ), $create );
yourls_redirect_javascript( yourls_admin_url( "upgrade?step=2&oldver=1.3&newver=1.4&oldsql=100&newsql=200" ), $create );
break;
case 2:
@@ -158,7 +158,7 @@ function yourls_upgrade_to_14( $step ) {
// attempt to drop YOURLS_DB_TABLE_NEXTDEC
yourls_update_options_to_14();
// Now upgrade to 1.4.1
yourls_redirect_javascript( yourls_admin_url( "upgrade.php?step=1&oldver=1.4&newver=1.4.1&oldsql=200&newsql=210" ) );
yourls_redirect_javascript( yourls_admin_url( "upgrade?step=1&oldver=1.4&newver=1.4.1&oldsql=200&newsql=210" ) );
break;
}
}
@@ -308,11 +308,11 @@ function yourls_update_table_to_14() {
$from = $from + $chunk;
$remain = $total - $from;
echo "<p>Converted $chunk database rows ($remain remaining). Continuing... Please do not close this window until it's finished!</p>";
yourls_redirect_javascript( yourls_admin_url( "upgrade.php?step=2&oldver=1.3&newver=1.4&oldsql=100&newsql=200&from=$from" ), $success );
yourls_redirect_javascript( yourls_admin_url( "upgrade?step=2&oldver=1.3&newver=1.4&oldsql=100&newsql=200&from=$from" ), $success );
} else {
// All done
echo '<p>All rows converted! Please wait...</p>';
yourls_redirect_javascript( yourls_admin_url( "upgrade.php?step=3&oldver=1.3&newver=1.4&oldsql=100&newsql=200" ), $success );
yourls_redirect_javascript( yourls_admin_url( "upgrade?step=3&oldver=1.3&newver=1.4&oldsql=100&newsql=200" ), $success );
}
}
@@ -77,6 +77,7 @@ function yourls_keyword_is_reserved( $keyword ) {
if ( in_array( $keyword, $yourls_reserved_URL)
or file_exists( YOURLS_PAGEDIR ."/$keyword.php" )
or is_dir( YOURLS_ABSPATH ."/$keyword" )
or $keyword == YOURLS_ADMIN_KEY
)
$reserved = true;
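Review bot: the added `or $keyword == YOURLS_ADMIN_KEY` uses a loose comparison, which in PHP treats numeric-looking strings as numbers, so a keyword that is not textually the admin key can still compare equal to it. Use `===` here, and document next to the constant that the key is expected to be a single keyword-like segment, since that is the only form this check can reserve.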
@@ -1962,7 +1963,7 @@ function yourls_current_admin_page() {
if( yourls_is_admin() ) {
$current = substr( yourls_get_request(), 6 );
if( $current === false )
$current = 'index.php'; // if current page is http://sho.rt/admin/ instead of http://sho.rt/admin/index.php
$current = 'index'; // if current page is http://sho.rt/admin/ instead of http://sho.rt/admin/index
return $current;
}
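Review bot: `substr( yourls_get_request(), 6 )` in the unchanged context still assumes the prefix is exactly `admin/` (6 characters), so yourls_current_admin_page() returns the wrong slice as soon as YOURLS_ADMIN_KEY is set to a value of a different length. Derive the offset from the constant, e.g. `strlen( YOURLS_ADMIN_KEY ) + 1`, and update the example URLs in the inline comment, which still show http://sho.rt/admin/.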
@@ -68,6 +68,10 @@
// physical path of pages directory
if( !defined( 'YOURLS_PAGEDIR' ) )
define('YOURLS_PAGEDIR', YOURLS_USERDIR.'/pages' );
// admin pages location
if( !defined( 'YOURLS_ADMIN_KEY' ) )
define('YOURLS_ADMIN_KEY', 'admin' );
// table to store URLs
if( !defined( 'YOURLS_DB_TABLE_URL' ) )
@@ -185,7 +189,7 @@
// Check if upgrade is needed (bypassed if upgrading or installing)
if ( !yourls_is_upgrading() && !yourls_is_installing() ) {
if ( yourls_upgrade_is_needed() ) {
yourls_redirect( YOURLS_SITE .'/admin/upgrade.php', 302 );
yourls_redirect( YOURLS_SITE .'/admin/upgrade', 302 );
}
}
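Review bot: the upgrade redirect still hardcodes the path in `yourls_redirect( YOURLS_SITE .'/admin/upgrade', 302 );`, so with a custom YOURLS_ADMIN_KEY an install that needs upgrading is redirected to a URL the new router does not match. Build the target from YOURLS_ADMIN_KEY instead of the literal `/admin/`.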
@@ -105,22 +105,22 @@ $bookmarks = array (
'simple' => array (
'name' => yourls__( 'Default + Standard' ),
'type' => array( 'default', 'standard' ),
'link' => "javascript:(function()%7Bvar%20d=document,w=window,enc=encodeURIComponent,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),s2=((s.toString()=='')?s:enc(s)),f='" . yourls_admin_url( 'index.php' ) . "',l=d.location,p='?u='+enc(l.href)+'&t='+enc(d.title)+'&s='+s2,u=f+p;try%7Bthrow('ozhismygod');%7Dcatch(z)%7Ba=function()%7Bif(!w.open(u))l.href=u;%7D;if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();%7Dvoid(0);%7D)()",
'link' => "javascript:(function()%7Bvar%20d=document,w=window,enc=encodeURIComponent,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),s2=((s.toString()=='')?s:enc(s)),f='" . yourls_admin_url( 'index' ) . "',l=d.location,p='?u='+enc(l.href)+'&t='+enc(d.title)+'&s='+s2,u=f+p;try%7Bthrow('ozhismygod');%7Dcatch(z)%7Ba=function()%7Bif(!w.open(u))l.href=u;%7D;if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();%7Dvoid(0);%7D)()",
),
'custom' => array (
'name' => yourls__( 'Custom + Standard' ),
'type' => array( 'standard', 'custom' ),
'link' => "javascript:(function()%7Bvar%20d=document,w=window,enc=encodeURIComponent,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),s2=((s.toString()=='')?s:enc(s)),f='" . yourls_admin_url( 'index.php' ) . "',l=d.location,k=prompt(%22Custom%20URL%22),k2=(k?'&k='+k:%22%22),p='?u='+enc(l.href)+'&t='+enc(d.title)+'&s='+s2+k2,u=f+p;if(k!=null)%7Btry%7Bthrow('ozhismygod');%7Dcatch(z)%7Ba=function()%7Bif(!w.open(u))l.href=u;%7D;if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();%7Dvoid(0)%7D%7D)()",
'link' => "javascript:(function()%7Bvar%20d=document,w=window,enc=encodeURIComponent,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),s2=((s.toString()=='')?s:enc(s)),f='" . yourls_admin_url( 'index' ) . "',l=d.location,k=prompt(%22Custom%20URL%22),k2=(k?'&k='+k:%22%22),p='?u='+enc(l.href)+'&t='+enc(d.title)+'&s='+s2+k2,u=f+p;if(k!=null)%7Btry%7Bthrow('ozhismygod');%7Dcatch(z)%7Ba=function()%7Bif(!w.open(u))l.href=u;%7D;if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();%7Dvoid(0)%7D%7D)()",
),
'simple-pop' => array (
'name' => yourls__( 'Default + Popup' ),
'type' => array( 'default', 'popup' ),
'link' => "javascript:(function()%7Bvar%20d=document,s=d.createElement('script');window.yourls_callback=function(r)%7Bif(r.short_url)%7Bprompt(r.message,r.short_url);%7Delse%7Balert('An%20error%20occured:%20'+r.message);%7D%7D;s.src='" . yourls_admin_url( 'index.php' ) . "?u='+encodeURIComponent(d.location.href)+'&jsonp=yourls';void(d.body.appendChild(s));%7D)();",
'link' => "javascript:(function()%7Bvar%20d=document,s=d.createElement('script');window.yourls_callback=function(r)%7Bif(r.short_url)%7Bprompt(r.message,r.short_url);%7Delse%7Balert('An%20error%20occured:%20'+r.message);%7D%7D;s.src='" . yourls_admin_url( 'index' ) . "?u='+encodeURIComponent(d.location.href)+'&jsonp=yourls';void(d.body.appendChild(s));%7D)();",
),
'custom-pop' => array (
'name' => yourls__( 'Custom + Popup' ),
'type' => array( 'popup', 'custom' ),
'link' => "javascript:(function()%7Bvar%20d=document,k=prompt('Custom%20URL'),s=d.createElement('script');if(k!=null){window.yourls_callback=function(r)%7Bif(r.short_url)%7Bprompt(r.message,r.short_url);%7Delse%7Balert('An%20error%20occured:%20'+r.message);%7D%7D;s.src='" . yourls_admin_url( 'index.php' ) . "?u='+encodeURIComponent(d.location.href)+'&k='+k+'&jsonp=yourls';void(d.body.appendChild(s));%7D%7D)();",
'link' => "javascript:(function()%7Bvar%20d=document,k=prompt('Custom%20URL'),s=d.createElement('script');if(k!=null){window.yourls_callback=function(r)%7Bif(r.short_url)%7Bprompt(r.message,r.short_url);%7Delse%7Balert('An%20error%20occured:%20'+r.message);%7D%7D;s.src='" . yourls_admin_url( 'index' ) . "?u='+encodeURIComponent(d.location.href)+'&k='+k+'&jsonp=yourls';void(d.body.appendChild(s));%7D%7D)();",
),
);

@@ -142,13 +142,13 @@ $bookmarks = array ( // Bookmarklets, unformatted for readability: https://gist.
'name' => yourls__( 'YOURLS &amp; Facebook' ),
'color' => 'info',
'description' => yourls__( 'Create a short URL and share it on social networks, all in one click!' ),
'link' => "javascript:(function(){var%20d=document,enc=encodeURIComponent,share='facebook',f='" . yourls_admin_url( 'index.php' ) . "',l=d.location,p='?u='+enc(l.href)+'&t='+enc(d.title)+'&share='+share,u=f+p;try{throw('ozhismygod');}catch(z){a=function(){if(!window.open(u,'Share','width=500,height=340,left=100','_blank'))l.href=u;};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();}void(0);})();",
'link' => "javascript:(function(){var%20d=document,enc=encodeURIComponent,share='facebook',f='" . yourls_admin_url( 'index' ) . "',l=d.location,p='?u='+enc(l.href)+'&t='+enc(d.title)+'&share='+share,u=f+p;try{throw('ozhismygod');}catch(z){a=function(){if(!window.open(u,'Share','width=500,height=340,left=100','_blank'))l.href=u;};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();}void(0);})();",
),
'twitter' => array (
'name' => yourls__( 'YOURLS &amp; Twitter' ),
'color' => 'success',
'description' => yourls__( 'Create a short URL and share it on social networks, all in one click!' ),
'link' => "javascript:(function(){var%20d=document,w=window,enc=encodeURIComponent,share='twitter',e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),s2=((s.toString()=='')?s:'%20%22'+enc(s)+'%22'),f='" . yourls_admin_url( 'index.php' ) . "',l=d.location,p='?u='+enc(l.href)+'&t='+enc(d.title)+s2+'&share='+share,u=f+p;try{throw('ozhismygod');}catch(z){a=function(){if(!w.open(u,'Share','width=780,height=265,left=100','_blank'))l.href=u;};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();}void(0);})();",
'link' => "javascript:(function(){var%20d=document,w=window,enc=encodeURIComponent,share='twitter',e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),s2=((s.toString()=='')?s:'%20%22'+enc(s)+'%22'),f='" . yourls_admin_url( 'index' ) . "',l=d.location,p='?u='+enc(l.href)+'&t='+enc(d.title)+s2+'&share='+share,u=f+p;try{throw('ozhismygod');}catch(z){a=function(){if(!w.open(u,'Share','width=780,height=265,left=100','_blank'))l.href=u;};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();}void(0);})();",
),
);

@@ -85,7 +85,7 @@ function sample_theme_menu() {
// Some very interesting links
$intranet = 'http://intranet.corp/';
$yourls = yourls_admin_url( );
$themes = yourls_admin_url( 'themes.php' );
$themes = yourls_admin_url( 'themes' );
// The menu
echo <<<MENU
@@ -20,6 +20,16 @@
// Get request in YOURLS base (eg in 'http://site.com/yourls/abcd' get 'abdc')
$request = yourls_get_request();
// Admin:
if( preg_match( "@^".YOURLS_ADMIN_KEY."/(([a-zA-Z\-]+)(\.php)?)?$@", $request, $matches ) ) {
$page = YOURLS_INC.'/admin/';
$page .= $matches[2] ? $matches[2].'.php' : 'index.php';
if ( file_exists( $page ) ) {
require_once( $page );
exit;
}
}
// Make valid regexp pattern from authorized charset in keywords
$pattern = yourls_make_regexp_pattern( yourls_get_shorturl_charset() );
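Review bot: YOURLS_ADMIN_KEY is concatenated unescaped into the pattern in `preg_match( "@^".YOURLS_ADMIN_KEY."/(([a-zA-Z\-]+)(\.php)?)?$@", $request, $matches )`, so a configured value containing `.`, `+`, `@` or another regex metacharacter changes what the route matches or breaks the expression; wrap it in `preg_quote( YOURLS_ADMIN_KEY, '@' )`. Two smaller points in the same block: `$matches[2]` is not set when the request is just the key followed by `/`, so test it with `!empty( $matches[2] )`, and a request for the key without the trailing slash does not match at all. The `[a-zA-Z\-]+` restriction on the page name is what keeps the `require_once` inside YOURLS_INC/admin and should stay that strict.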
@@ -52,7 +62,7 @@
if( preg_match( "@^[a-zA-Z]+://.+@", $request, $matches ) ) {
$url = yourls_sanitize_url( $matches[0] );
yourls_do_action( 'load_template_redirect_admin', $url );
yourls_redirect( yourls_admin_url('index.php').'?u='.rawurlencode( $url ), 302 );
yourls_redirect( yourls_admin_url('index').'?u='.rawurlencode( $url ), 302 );
exit;
}

8 comments on commit 336a262

@ozh

Member

replied Jan 5, 2014

I'll try it, it could be a good idea

(then again... when I discover a new URL shortener, I like to quickly check whether it uses YOURLS simply by looking for an "/admin" page :) cf. https://twitter.com/ozh/status/418391088186269696)

(we could add a discreet X-YOURLS header to compensate :)

@LeoColomb

Member Author

replied Jan 5, 2014

Yes, why not a header.
Another, less explicit reason for this is security/confidentiality. Being able to reach a tool's admin area is revealing.
I don't want you to know that I use YOURLS by typing /admin in my URL, and even less for you to reach a login form, because it's top secret, so there!

@LeoColomb

Member Author

replied Jan 5, 2014

As it is, you will already know my domain and the version I use directly via ayo... (knowing the version: big security problem => I drop, via the URL, all the databases of all the affected YOURLS installs like you showed me not long ago, and screw everyone)

@ozh

Member

replied Jan 12, 2014

Blocking problem: this does not work if you have an /admin directory, which will be the case for practically all users (only those who update via git, i.e. almost nobody, won't have the issue)

I do like this feature, though, and it's something that has been requested often since the early days of YOURLS. So I propose moving it into a plugin (core or not, to be decided), which could start by running a few checks (presence of an admin directory, probably other things to verify) and, where needed, not activate until the user has made the necessary manual corrections.

Another problem: the /admin URL is hardcoded in various places, I'm thinking of /docs in particular

@ozh

Member

replied Jan 12, 2014

The name of the constant also needs to change, YOURLS_ADMIN_KEY doesn't mean anything. I prefer YOURLS_ADMIN_LOCATION

@LeoColomb

Member Author

replied Jan 25, 2014

> Blocking problem: this does not work if you have an /admin directory, which will be the case for practically all users (only those who update via git, i.e. almost nobody, won't have the issue)

OK, we have to admit something: for 2.0 they will have to delete everything except the user folder. If we keep saying "yes, but as soon as we make a change everything will break", we'll have a hard time making progress... No? If need be, I'd rather handle a few issues from users who didn't read the sentence written in red, size 30, telling them to remove everything. And if they know how to upload (via FTP?), they know how to delete.

> So I propose moving it into a plugin (core or not, to be decided)

Not in favor at all. If you really want to, it will be without me. If they don't know how to delete three folders over FTP, they will understand here that the admin interface is a plugin and can be disabled.

> Another problem: the /admin URL is hardcoded in various places, I'm thinking of /docs in particular

Not a problem for me; with a bit of searching and talent, it's manageable.

> The name of the constant also needs to change, YOURLS_ADMIN_KEY doesn't mean anything. I prefer YOURLS_ADMIN_LOCATION

Feel free. 💃 :-)

@ozh

Member

replied Jan 26, 2014

I'm not at all opposed, for 2.0, to changes that will break things, the main one being a change in how actions vs filters work, cf. #1203. However, I am 100% opposed to changes whose impacts have not been fully studied and whose benefits for users are not established.

Some users did not use FTP to install YOURLS: godaddy (and probably other hosts, I don't know) offers one-click YOURLS installs. I don't know whether they offer updates, and I don't know how they handle them.

OK for this change, and you take care of 100% of the issues opened for any problem accessing the admin interface.

@LeoColomb

Member Author

replied Jan 26, 2014

I swear. :-)
