X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/42d01534123ab54ae8d2ceee5fe9357605b5e637..7983570288ed2798470a552ec04f64aa646b664a:/page.php diff --git a/page.php b/page.php index 4944467..d5c78cd 100644 --- a/page.php +++ b/page.php @@ -2,80 +2,177 @@ error_reporting(E_ALL); ini_set('display_errors', TRUE); +function abort($body, $status = NULL) { + if ($status) header("HTTP/1.1 $status"); + print "$body\n"; + exit; +} + +function getoutput($blocks = []) +{ + $doc = ob_get_clean(); + + if (!empty($blocks['warn'])) { + $warn = '

[[warn]]

'; + if ($offset = strpos($doc, '')) { + $doc = substr_replace($doc, "\n\n".$warn, $offset + 5, 0); + } + else { + $doc = $warn . "\n\n" . $doc; + } + } + + # keep either login or logout parts depending on user level + global $User; + $hideclass = $User && property_exists($User, 'login') && $User->login ? 'logout' : 'login'; + $doc = preg_replace('{\s*<([a-z]+) class="'.$hideclass.'">.*?}s', '', $doc); + + return preg_replace_callback( + '{ \[\[ ([^] ]+) ([^]]*) \]\] }x', + function ($sub) use ($blocks) { + list ($placeholder, $name, $params) = $sub; + $html = $blocks[$name] ?? + placeholder_include($name, explode(' ', $params)); + if (empty($html) or $html[0] != '<') { + $html = "$html"; + } + $attr = sprintf(' data-dyn="%s"', is_numeric($name) ? '' : $name.$params); + # contents with identifier in first tag + return preg_replace( '/(?=>)/', $attr, $html, 1); + }, + $doc + ); +} + +# custom error handling + +define('DOCROOT', getcwd()); +set_include_path(implode(PATH_SEPARATOR, [ DOCROOT, __DIR__ ])); + function fail($error) { + global $User, $Page; http_response_code(500); + if (!isset($Page)) { + require_once('article.inc.php'); + $Page = new ArchiveArticle(NULL); + $Page->title = 'Fout'; + } include_once 'page.inc.php'; ob_start(); - require_once './500.html'; - print str_replace('[[debug]]', $error, ob_get_clean()); + require '500.inc.html'; + print getoutput(['debug' => htmlspecialchars($error)]); } + set_exception_handler('fail'); + +define('E_FATAL', E_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR); + +set_error_handler(function ($level, $error, $file, $line) { + if ($level & E_FATAL) { + fail($error); + return; + } + return FALSE; +}); + register_shutdown_function(function () { # display failure page for fatal exceptions $error = error_get_last(); - if (!($error['type'] & (E_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR))) return; + if (!($error['type'] & E_FATAL)) return; fail("Fatal: $error[message] in $error[file]:$error[line]"); }); -include_once 'auth.inc.php'; +error_reporting(error_reporting() & ~E_FATAL); + +# user login and control + +include_once 'auth.inc.php'; // sets global $User $Edit = isset($_GET['edit']); -# distinguish subpage Args from topmost Page script +# setup requested page -$Args = ''; -$Page = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']); -$Page = urldecode(trim($Page, '/')) ?: 'index'; -while (TRUE) { - if (file_exists("$Page.php")) { - break; - } +$request = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']); +$request = urldecode(trim($request, '/')) ?: 'index'; - $up = strrpos($Page, '/'); - $Args = substr($Page, $up) . $Args; - $Page = substr($Page, 0, $up); - if ($up === FALSE) { - break; +$staticpage = "$request.html"; +if (file_exists($staticpage)) { + if (is_link($staticpage)) { + $target = preg_replace('/\.html$/', '', readlink($staticpage)); + header("HTTP/1.1 302 Shorthand"); + header("Location: $target"); + exit; } } +elseif (file_exists("$request/index.html")) { + $staticpage = "$request/index.html"; +} -# load static contents - -ob_start(); # page body -ob_start(); # inner html -print '
'."\n\n"; +require_once('article.inc.php'); +$Page = new ArchiveArticle($staticpage); -$found = FALSE; -if (file_exists("$Page$Args/index.html")) { - $found = include "./$Page$Args/index.html"; -} -elseif (file_exists("$Page$Args.html")) { - $found = include "./$Page$Args.html"; +if ($Page->restricted) { + # access restriction + if (!$User->login) { + http_response_code(303); + $target = urlencode($Page->link); + header("Location: /login?goto=$target"); + exit; + } } -print "
\n\n"; +# prepare page contents -# execute dynamic code +header(sprintf('Content-Security-Policy: %s', implode('; ', [ + "default-src 'self' 'unsafe-inline' http://cdn.ckeditor.com", # some overrides remain + "img-src 'self' data: http://cdn.ckeditor.com", # inline svg (in css) + "base-uri 'self'", # only local pages + "frame-ancestors 'none'", # prevent malicious embedding +]))); -if ($Page) { - $found |= require "./$Page.php"; +ob_start(); # page body +$Place = [ + 'user' => $User->login ?: '', + 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), +]; + +if (!isset($Page->raw) and $User->admin("edit {$Page->link}")) { + # open bottom template as initial contents + $template = 'template.inc.html'; + if ($Page->handler and file_exists("{$Page->handler}/$template")) { + $template = "{$Page->handler}/$template"; + } + $Page->raw($template); + $Page->meta['article:published_time'] = date('Y-m-d h:i:s O'); + $Page->meta['article:author'] = '/' . $User->dir; } -# global html +if (isset($Page->raw)) { + if ($User->admin("edit {$Page->link}")) { + # restore meta tags in static contents for editing + foreach (array_reverse($Page->meta) as $metaprop => $val) { + $Page->raw = sprintf( + ''."\n", + $metaprop, $val + ) . $Page->raw; + } + } + $Page->raw = '
'."\n\n".$Page->raw."
\n\n"; +} -include_once 'page.inc.php'; +# output dynamic and/or static html -if (!$found) { - # no resulting output - if (isset($User) and $User['admin']) { - require './template.html'; +if (!$Page->handler or require("./{$Page->handler}/index.php")) { + # static contents + if (isset($Page->raw)) { + print $Page->raw; } else { + # no resulting output http_response_code(404); - ob_start(); - require "./404.html"; - $url = htmlspecialchars($_SERVER['REQUEST_URI']); - print str_replace('[[url]]', $url, ob_get_clean()); + @require '404.inc.html'; } } +include_once 'page.inc.php'; +