admin("edit {$Page->link}")) abort("geen beheersrechten", '401 unauthorised'); if ($_FILES) { $response = ['uploaded' => 0]; try { require_once('upload.inc.php'); $datadir = implode('/', ['data', date('Y'), $User->login]); if ($Page->path) $datadir .= $Page->path; $target = userupload(@$_FILES['upload'], $datadir); if ($target) { $target = "/thumb/640x/$target"; $response['fileName'] = $_FILES['upload']['name']; $response['url'] = str_replace('%2F', '/', urlencode($target)); $response['uploaded']++; } } catch (Exception $e) { $response['error'] = ['message' => $e->getMessage()]; } switch (@$_GET['output']) { case 'ckjson': print json_encode($response); exit; case 'ckescript': if (empty($response['url'])) break; printf('', "{$_GET['CKEditorFuncNum']}, '{$response['url']}'" ); break; default: if (empty($response['url'])) break; print $target; } if (isset($response['error'])) { abort($response['error']['message'], '409 upload error'); } exit; } if (!$_POST) abort("niets te doen", '405 post error'); $request = trim($Page->path, '/') ?: 'index'; if (preg_match('{^\.}', $request)) abort("ongeldige bestandsnaam: $request", '403 input error'); $filename = $request; if (is_dir($filename) && !file_exists("$filename.html")) $filename .= '/index'; $filename .= '.html'; if (file_exists($filename) and !is_writable($filename)) abort("onwijzigbaar bestand: $filename", '403 input error'); if (!isset($_POST['body'])) abort("geen inhoud aangeleverd", '409 input error'); $upload = $_POST['body']; if (!strlen($upload)) { if (file_exists($filename) and !unlink($filename)) abort("fout bij het verwijderen van $filename", '500 delete error'); abort("Bestand verwijderd"); } if (!file_exists(dirname($filename)) and !mkdir(dirname($filename), 0777, TRUE)) abort("fout bij aanmaken van map voor $filename", '500 save error'); if (file_exists($filename) and file_get_contents($filename) === $upload) abort('niet aangepast', '200 unaltered'); if (!file_put_contents($filename, $upload)) abort("fout bij schrijven van $filename", '500 save error'); if (is_writable('.git')) { $gitmsg = "$request: edit from {$_SERVER['REMOTE_ADDR']}"; $gitcmd = 'git'; $gitcmd .= ' -c user.name='.escapeshellarg($User->name ?: $User->login); $gitcmd .= ' -c user.email='.escapeshellarg($User->email ?: "{$User->login}@lijtweg.nl"); $gitcmd .= ' commit -q'; $gitcmd .= ' -m '.escapeshellarg($gitmsg); $gitcmd .= ' -- '.escapeshellarg($filename); exec("$gitcmd 2>&1", $gitlog, $gitstatus); if ($gitstatus) { trigger_error("git commit failure $gitstatus: ".implode("\n", $gitlog), E_USER_WARNING); } } abort("Bestand opgeslagen");