-$filename = $_POST['page'];
-$filename = ltrim($filename, '/');
-if (!preg_match('/^[a-z]+\.html$/', $filename))
- abort('403 input error', "Ongeldige bestandsnaam: $filename");
+if (!@$User['admin'])
+ abort("geen beheersrechten", '401 unauthorised');
+
+if ($_FILES) {
+ $img = @$_FILES['upload'];
+ if (!$img or $img['error'] !== UPLOAD_ERR_OK)
+ abort('bestand niet goed ontvangen: '.$img['error'], '409 upload error');
+
+ $datadir = 'data/' . date('Y');
+ $target = $datadir.'/'.$img['name'];
+ move_uploaded_file($img['tmp_name'], $target);
+
+ switch (@$_GET['output']) {
+ case 'ckescript':
+ printf('<script>window.parent.CKEDITOR.tools.callFunction(%s)</script>',
+ "{$_GET['CKEditorFuncNum']}, '$target'"
+ );
+ break;
+ default:
+ abort($target);
+ }
+ exit;
+}
+
+if (!$_POST)
+ abort("niets te doen", '405 post error');
+if (!$Args)
+ abort("geen bestand aangeleverd", '409 input error');
+
+$filename = ltrim($Args, '/').'.html';
+if (preg_match('{^\.}', $filename))
+ abort("ongeldige bestandsnaam: $filename", '403 input error');
+if (file_exists($filename) and !is_writable($filename))
+ abort("onwijzigbaar bestand: $filename", '403 input error');
+
+if (!isset($_POST['body']))
+ abort("geen inhoud aangeleverd", '409 input error');