edit: move contents editor to subdirectory

[minimedit.git] / edit / page / index.php

diff --git a/edit/page/index.php b/edit/page/index.php
new file mode 100644 (file)
index 0000000..cd22216
--- /dev/null
+++ b/edit/page/index.php
@@ -0,0 +1,89 @@
+<?php
+ob_clean();
+
+if (empty($User['admin']))
+       abort("geen beheersrechten", '401 unauthorised');
+
+if ($_FILES) {
+       $response = ['uploaded' => 0];
+       try {
+               require_once('upload.inc.php');
+               $datadir = implode('/', ['data', date('Y')]);
+               if ($Args) $datadir .= $Args;
+               $target = userupload(@$_FILES['upload'], $datadir);
+               if ($target) {
+                       $response['fileName'] = $_FILES['upload']['name'];
+                       $response['url'] = str_replace('%2F', '/', urlencode($target));
+                       $response['uploaded']++;
+               }
+       }
+       catch (Exception $e) {
+               $response['error'] = ['message' => $e->getMessage()];
+       }
+
+       switch (@$_GET['output']) {
+       case 'ckjson':
+               print json_encode($response);
+               exit;
+       case 'ckescript':
+               if (empty($response['url'])) break;
+               printf('<script>window.parent.CKEDITOR.tools.callFunction(%s)</script>',
+                       "{$_GET['CKEditorFuncNum']}, '{$response['url']}'"
+               );
+               break;
+       default:
+               if (empty($response['url'])) break;
+               print $target;
+       }
+
+       if (isset($response['error'])) {
+               abort($response['error']['message'], '409 upload error');
+       }
+       exit;
+}
+
+if (!$_POST)
+       abort("niets te doen", '405 post error');
+if (!$Args)
+       abort("geen bestand aangeleverd", '409 input error');
+
+$filename = ltrim($Args, '/').'.html';
+if (preg_match('{^\.}', $filename))
+       abort("ongeldige bestandsnaam: $filename", '403 input error');
+if (file_exists($filename) and !is_writable($filename))
+       abort("onwijzigbaar bestand: $filename", '403 input error');
+
+if (!isset($_POST['body']))
+       abort("geen inhoud aangeleverd", '409 input error');
+
+$upload = $_POST['body'];
+
+if (!strlen($upload)) {
+       if (file_exists($filename) and !unlink($filename))
+               abort("fout bij het verwijderen van $filename", '500 delete error');
+
+       abort("Bestand verwijderd");
+}
+
+if (!file_exists(dirname($filename)) and !mkdir(dirname($filename), 0777, TRUE))
+       abort("fout bij aanmaken van map voor $filename", '500 save error');
+
+if (!file_put_contents($filename, $upload))
+       abort("fout bij schrijven van $filename", '500 save error');
+
+if (is_writable('../.git')) {
+       $gitmsg = preg_replace('/\.html$/', '', $filename).": edit from {$_SERVER['REMOTE_ADDR']}";
+       $gitcmd = 'git';
+       $gitcmd .= ' -c user.name='.escapeshellarg($User['name']);
+       $gitcmd .= ' -c user.email='.escapeshellarg("{$User['name']}@lijtweg.nl");
+       $gitcmd .= ' commit -q';
+       $gitcmd .= ' -m '.escapeshellarg($gitmsg);
+       $gitcmd .= ' -- '.escapeshellarg($filename);
+       exec("$gitcmd 2>&1", $gitlog, $gitstatus);
+       if ($gitstatus) {
+               trigger_error("git commit failure $gitstatus: ".implode("\n", $gitlog), E_USER_WARNING);
+       }
+}
+
+abort("Bestand opgeslagen");
+