'.$name.' ontbreekt'; }
    # NOTE(review): the start of this function lies outside this listing, so only
    # its visible tail is annotated. $name and $params are presumably its
    # arguments - confirm against the full file.

    # Buffer everything the widget prints so it can be returned as a string.
    ob_start();
    # These locals are visible to the included widget script, because include
    # inherits the calling scope.
    $Page = $GLOBALS['Page'] . $GLOBALS['Args'];
    $Args = '';
    $Place = $GLOBALS['Place'];
    foreach ($params as $param) {
        # "key=value" sets a placeholder entry; any other non-empty parameter is
        # appended to $Args as a path segment. strpos() returning 0 is falsy, so
        # a parameter that starts with '=' takes the elseif branch.
        if ($set = strpos($param, '=')) {
            $Place[ substr($param, 0, $set) ] = substr($param, $set + 1);
        } elseif (!empty($param)) {
            $Args .= '/'.$param;
        }
    }
    try {
        # NOTE(review): $name is interpolated into the include path and no
        # validation is visible in this part of the function. Confirm that the
        # caller or the cut-off head restricts it to known widget names
        # (no '/', '..' or NUL bytes).
        include "widget/$name.php";
        return ob_get_clean();
    } catch (Exception $e) {
        # Only Exception is caught; Error subclasses propagate to the global
        # exception handler registered further down.
        # NOTE(review): this branch returns without closing the buffer opened by
        # ob_start() above, and the exception message is interpolated without
        # escaping in the text visible here - confirm both against the full file.
        return sprintf('%s', "fout in $name: {$e->getMessage()}" );
    }
}

# Closes the current output buffer and post-processes the captured page.
#
# $blocks holds named content blocks. Only 'warn' is read in the code visible
# here; fail() passes 'debug'. Returns the result of the final
# preg_replace_callback() call.
#
# NOTE(review): several string literals and the callback header in this
# function appear to have lost their markup in this listing (empty strpos()
# needle, truncated patterns). Those tokens are reproduced as found.
function getoutput($blocks = []) {
    $doc = ob_get_clean();
    if (!empty($blocks['warn'])) {
        $warn = '

[[warn]]

';
        # Insert the warn placeholder 5 characters after the matched marker, or
        # prepend it to the document when the marker is not found. An offset of
        # 0 also counts as "not found" because of the truthiness test.
        # NOTE(review): the needle is empty here; "+ 5" suggests a
        # five-character marker was lost - confirm.
        if ($offset = strpos($doc, '')) {
            $doc = substr_replace($doc, "\n\n".$warn, $offset + 5, 0);
        } else {
            $doc = $warn . "\n\n" . $doc;
        }
    }

    # keep either login or logout parts depending on user level:
    # for a logged-in user the class="logout" elements are stripped, otherwise
    # the class="login" elements are.
    global $User;
    $hideclass = $User && property_exists($User, 'login') && $User->login ? 'logout' : 'login';
    # NOTE(review): the pattern only matches a tag whose first attribute is
    # exactly class="login" or class="logout". Markup written differently is
    # not stripped, so this is presentation filtering and should not be the
    # only control protecting sensitive content.
    $doc = preg_replace('{\s*<([a-z]+) class="'.$hideclass.'">.*?}s', '', $doc);

    # NOTE(review): the pattern and the callback signature are truncated in
    # this listing; $name, $placeholder and $html are defined in the missing part.
    return preg_replace_callback(
        '{ (?%s',
            is_numeric($name) ? '' : $placeholder, # edit replacement
            preg_replace('{}', '', $html) # contents
        );
    },
    $doc
    );
}

# custom error handling

# Includes are resolved against the working directory first, then against the
# directory of this file.
define('DOCROOT', getcwd());
set_include_path(implode(PATH_SEPARATOR, [ DOCROOT, __DIR__ ]));

# Renders the 500 page for an error message or an uncaught exception.
#
# $error is a message string when called from the error and shutdown handlers
# below, and a Throwable when invoked through set_exception_handler().
function fail($error) {
    global $User, $Page, $Args;
    http_response_code(500);
    # $Article is not in the global list above, so it is always unset here and
    # a placeholder article titled 'Fout' is created on every call.
    if (!isset($Article)) {
        require_once('article.inc.php');
        $Article = new ArchiveArticle(NULL);
        $Article->title = 'Fout';
    }
    include_once 'page.inc.php';
    ob_start();
    require '500.inc.html';
    # The error text is HTML-escaped before it enters the 'debug' block.
    # NOTE(review): fatal messages carry file paths and line numbers (see the
    # shutdown handler), and converting a Throwable to a string presumably adds
    # the stack trace. How 'debug' is rendered is not visible here - confirm it
    # is shown to administrators only and logged server-side otherwise.
    print getoutput(['debug' => htmlspecialchars($error)]);
}
set_exception_handler('fail');

# Error levels that are answered with the failure page.
define('E_FATAL', E_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR);
set_error_handler(function ($level, $error, $file, $line) {
    # Of the E_FATAL levels, PHP passes only E_USER_ERROR to a user handler;
    # the engine-level fatals are picked up by the shutdown function below.
    if ($level & E_FATAL) {
        fail($error);
        return;
    }
    # Returning FALSE hands every other level to PHP's standard handler.
    return FALSE;
});
register_shutdown_function(function () {
    # display failure page for fatal exceptions
    $error = error_get_last();
    # NOTE(review): error_get_last() returns null when nothing failed, and the
    # array access on null then raises a warning on PHP 7.4+. A null check
    # before this test would avoid that.
    if (!($error['type'] & E_FATAL)) return;
    fail("Fatal: $error[message] in $error[file]:$error[line]");
});
# Remove the fatal levels from the reporting mask; presumably so that PHP does
# not print its own message next to the failure page - confirm.
error_reporting(error_reporting() & ~E_FATAL);

# user login and control
include_once 'auth.inc.php'; // sets global $User
$Edit = isset($_GET['edit']);

# setup requested page
$Args = '';
# Take the request path without its query string, preferring PATH_INFO, then
# strip surrounding slashes and URL-decode it. An empty path means 'index'.
# NOTE(review): $Page is request-controlled, and after urldecode() it can
# contain '..' segments or encoded separators. No normalisation is visible
# before it reaches file_exists(), is_link(), readlink() and ArchiveArticle -
# confirm that ArchiveArticle confines the path to DOCROOT.
$Page = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']);
$Page = urldecode(trim($Page, '/')) ?: 'index';
$staticpage = "$Page.html";
if (file_exists($staticpage)) {
    # A symlinked .html file acts as a shorthand: redirect to the link target
    # with its ".html" suffix removed.
    if (is_link($staticpage)) {
        $target = preg_replace('/\.html$/', '', readlink($staticpage));
        header("HTTP/1.1 302 Shorthand");
        header("Location: $target");
        exit;
    }
}
elseif (file_exists("$Page/index.html")) {
    # A directory request falls back to its index.html.
    $staticpage = "$Page/index.html";
}

require_once('article.inc.php');
$Article = new ArchiveArticle($staticpage);
# From here on $Page names the handler and $Args the remaining path, both as
# reported by the article object.
$Page = $Article->handler;
$Args = $Article->path;

if ($PageAccess = $Article->restricted) { # access restriction
    # Visitors without a login are redirected to the login form, with the
    # URL-encoded article link as the return target.
    # NOTE(review): $User is dereferenced without the null guard that
    # getoutput() applies - confirm auth.inc.php always sets an object.
    if (!$User->login) {
        http_response_code(303);
        $target = urlencode($Article->link);
        header("Location: /login?goto=$target");
        exit;
    }
}

# prepare page contents
# NOTE(review): no script-src directive is set, so default-src governs
# scripts. 'unsafe-inline' there permits inline script and removes most of the
# XSS mitigation a CSP can offer; nonces or hashes would restore it. The CDN is
# listed with the http: scheme, which also permits plaintext loads - prefer
# https:// if the templates can load it that way (confirm).
header(sprintf('Content-Security-Policy: %s', implode('; ', [
    "default-src 'self' 'unsafe-inline' http://cdn.ckeditor.com", # some overrides remain
    "img-src 'self' data: http://cdn.ckeditor.com", # inline svg (in css)
    "base-uri 'self'", # only local pages
    "frame-ancestors 'none'", # prevent malicious embedding
])));

ob_start(); # page body
# Global placeholder values; the request URI is HTML-escaped before it is stored.
$Place = [
    'user' => $User->login ?: '',
    'url' => htmlspecialchars($_SERVER['REQUEST_URI']),
];

if (isset($Article->raw)) {
    if ($User->admin("edit $Page$Args")) {
        # restore meta tags in static contents for editing
        # NOTE(review): the format string has lost its markup in this listing;
        # whether $metaprop and $val are escaped there cannot be checked here.
        foreach (array_reverse($Article->meta) as $metaprop => $val) {
            $Article->raw = sprintf( ''."\n", $metaprop, $val ) . $Article->raw;
        }
    }
}
elseif ($User->admin("edit {$Article->link}")) {
    # No static content exists: a user with edit rights gets a template, the
    # page-specific one when it exists, otherwise the default.
    $Article->raw(file_exists("$Page/template.inc.html") ? "$Page/template.inc.html" : 'template.inc.html');
}

if (isset($Article->raw)) {
    # Wrap the raw content in the literals below (wrapper markup presumably
    # lost in this listing - confirm).
    $Article->raw = '
'."\n\n".$Article->raw."
\n\n";
}

# output dynamic and/or static html
# The static branch runs when there is no handler, or when the handler script
# returns a truthy value; a script without an explicit return yields 1.
# NOTE(review): $Page comes from $Article->handler and is placed in a require
# path. Its derivation is not visible here - confirm it can only name
# directories under DOCROOT.
if (!$Page or require("./$Page/index.php")) {
    # static contents
    if (isset($Article->raw)) {
        print $Article->raw;
    }
    else {
        # no resulting output
        http_response_code(404);
        @require '404.inc.html';
    }
}

include_once 'page.inc.php';