git.shiar.nl
/
minimedit.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
page: prepare static output before dynamic code
[minimedit.git]
/
edit.php
diff --git
a/edit.php
b/edit.php
old mode 100755
(executable)
new mode 100644
(file)
index
fe80528
..
2a63bd2
--- a/
edit.php
+++ b/
edit.php
@@
-1,12
+1,13
@@
<?php
<?php
+ob_clean();
+
function abort($status, $body) {
header("HTTP/1.1 $status");
print "$body\n";
exit;
}
function abort($status, $body) {
header("HTTP/1.1 $status");
print "$body\n";
exit;
}
-require 'auth.inc.php';
-if (!$Admin)
+if (!@$User['admin'])
abort('401 unauthorised', "geen beheersrechten");
if (!$_POST)
abort('401 unauthorised', "geen beheersrechten");
if (!$_POST)
@@
-15,9
+16,9
@@
if (!isset($_SERVER['PATH_INFO']) or strlen($_SERVER['PATH_INFO']) <= 1)
abort('409 input error', "geen bestand aangeleverd");
$filename = ltrim($Args, '/').'.html';
abort('409 input error', "geen bestand aangeleverd");
$filename = ltrim($Args, '/').'.html';
-if (
file_exists($filename) and !is_writable(
$filename))
+if (
!preg_match('{^(?:[/a-z0-9-])+\.html$}',
$filename))
abort('403 input error', "ongeldige bestandsnaam: $filename");
abort('403 input error', "ongeldige bestandsnaam: $filename");
-if (
is_execu
table($filename))
+if (
file_exists($filename) and !is_wri
table($filename))
abort('403 input error', "onwijzigbaar bestand: $filename");
if (!isset($_POST['body']))
abort('403 input error', "onwijzigbaar bestand: $filename");
if (!isset($_POST['body']))