-$filename = $_POST['page'];
-$filename = ltrim($filename, '/');
-if (!preg_match('/^[a-z]+\.html$/', $filename))
- abort('403 input error', "Ongeldige bestandsnaam: $filename");
+if (!$_POST)
+ abort('405 post error', "niets te doen");
+if (!isset($_SERVER['PATH_INFO']) or strlen($_SERVER['PATH_INFO']) <= 1)
+ abort('409 input error', "geen bestand aangeleverd");
+
+$filename = preg_replace('/(?:\.php)?$/', '.php', ltrim($_SERVER['PATH_INFO'], '/'), 1);
+if (file_exists($filename) and !is_writable($filename))
+ abort('403 input error', "ongeldige bestandsnaam: $filename");
+if (is_executable($filename))
+ abort('403 input error', "onwijzigbaar bestand: $filename");
+
+if (!isset($_POST['body']))
+ abort('409 input error', "geen inhoud aangeleverd");