Prevent visitors from reading shaarli version

* fixes #122 * the shaarli version is now in a php comment block, which prevents visitors from reading it when it is place on a PHP-enabled server, but still allows the update mechanism to read it from the source on github.
shaarli · Feb 25, 2015 · dbcad74 · dbcad74
1 parent 0c57460
commit dbcad74
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/index.php b/index.php
@@ -184,8 +184,8 @@ function checkUpdate()
     if (!is_file($GLOBALS['config']['UPDATECHECK_FILENAME']) || (filemtime($GLOBALS['config']['UPDATECHECK_FILENAME'])<time()-($GLOBALS['config']['UPDATECHECK_INTERVAL'])))
     {
         $version=shaarli_version;
-        list($httpstatus,$headers,$data) = getHTTP('https://raw.githubusercontent.com/shaarli/Shaarli/master/shaarli_version.txt',2);
-        if (strpos($httpstatus,'200 OK')!==false) $version=$data;
+        list($httpstatus,$headers,$data) = getHTTP('https://raw.githubusercontent.com/shaarli/Shaarli/master/shaarli_version.php',2);
+        if (strpos($httpstatus,'200 OK')!==false) $version=str_replace(' */ ?>','',str_replace('<?php /* ','',$data));
         // If failed, never mind. We don't want to bother the user with that.
         file_put_contents($GLOBALS['config']['UPDATECHECK_FILENAME'],$version); // touch file date
     }

diff --git a/shaarli_version.php b/shaarli_version.php
@@ -0,0 +1 @@
+<?php /* 0.0.43beta */ ?>
diff --git a/shaarli_version.txt b/shaarli_version.txt