--- /dev/null
+<?php
+ob_clean();
+
+if (empty($User['admin']))
+ abort("geen beheersrechten", '401 unauthorised');
+
+if ($_FILES) {
+ $response = ['uploaded' => 0];
+ try {
+ require_once('upload.inc.php');
+ $datadir = implode('/', ['data', date('Y')]);
+ if ($Args) $datadir .= $Args;
+ $target = userupload(@$_FILES['upload'], $datadir);
+ if ($target) {
+ $response['fileName'] = $_FILES['upload']['name'];
+ $response['url'] = str_replace('%2F', '/', urlencode($target));
+ $response['uploaded']++;
+ }
+ }
+ catch (Exception $e) {
+ $response['error'] = ['message' => $e->getMessage()];
+ }
+
+ switch (@$_GET['output']) {
+ case 'ckjson':
+ print json_encode($response);
+ exit;
+ case 'ckescript':
+ if (empty($response['url'])) break;
+ printf('<script>window.parent.CKEDITOR.tools.callFunction(%s)</script>',
+ "{$_GET['CKEditorFuncNum']}, '{$response['url']}'"
+ );
+ break;
+ default:
+ if (empty($response['url'])) break;
+ print $target;
+ }
+
+ if (isset($response['error'])) {
+ abort($response['error']['message'], '409 upload error');
+ }
+ exit;
+}
+
+if (!$_POST)
+ abort("niets te doen", '405 post error');
+if (!$Args)
+ abort("geen bestand aangeleverd", '409 input error');
+
+$filename = ltrim($Args, '/').'.html';
+if (preg_match('{^\.}', $filename))
+ abort("ongeldige bestandsnaam: $filename", '403 input error');
+if (file_exists($filename) and !is_writable($filename))
+ abort("onwijzigbaar bestand: $filename", '403 input error');
+
+if (!isset($_POST['body']))
+ abort("geen inhoud aangeleverd", '409 input error');
+
+$upload = $_POST['body'];
+
+if (!strlen($upload)) {
+ if (file_exists($filename) and !unlink($filename))
+ abort("fout bij het verwijderen van $filename", '500 delete error');
+
+ abort("Bestand verwijderd");
+}
+
+if (!file_exists(dirname($filename)) and !mkdir(dirname($filename), 0777, TRUE))
+ abort("fout bij aanmaken van map voor $filename", '500 save error');
+
+if (!file_put_contents($filename, $upload))
+ abort("fout bij schrijven van $filename", '500 save error');
+
+if (is_writable('../.git')) {
+ $gitmsg = preg_replace('/\.html$/', '', $filename).": edit from {$_SERVER['REMOTE_ADDR']}";
+ $gitcmd = 'git';
+ $gitcmd .= ' -c user.name='.escapeshellarg($User['name']);
+ $gitcmd .= ' -c user.email='.escapeshellarg("{$User['name']}@lijtweg.nl");
+ $gitcmd .= ' commit -q';
+ $gitcmd .= ' -m '.escapeshellarg($gitmsg);
+ $gitcmd .= ' -- '.escapeshellarg($filename);
+ exec("$gitcmd 2>&1", $gitlog, $gitstatus);
+ if ($gitstatus) {
+ trigger_error("git commit failure $gitstatus: ".implode("\n", $gitlog), E_USER_WARNING);
+ }
+}
+
+abort("Bestand opgeslagen");
+
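Review bot: The filename check `preg_match('{^\.}', $filename)` only rejects a leading dot, so a `$Args` value with `..` in a later path segment still reaches `unlink()`, `mkdir()` and `file_put_contents()` and can address paths outside the content directory. Rejecting a dot at the start of any segment closes that, e.g. `if (preg_match('{(^|/)\.}', $filename))`. The same `$Args` is appended to `$datadir` in the upload branch, so unless `userupload()` (not visible here) normalises the path, it needs the same check. Separately, the `ckescript` branch interpolates `$_GET['CKEditorFuncNum']` unescaped into a `<script>` element; cast it first with `(int)$_GET['CKEditorFuncNum']`. The `0777` mode passed to `mkdir()` is also wider than a web-writable content tree normally needs, and `0755` or `0775` would be a safer default.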