X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/882347cba815e99ba8e7ad28d077420aa986e7c5..0fbd7148fb17860a8738562bdd1a9cf427b8ff60:/edit/page/index.php diff --git a/edit/page/index.php b/edit/page/index.php index 1daed85..d506e8f 100644 --- a/edit/page/index.php +++ b/edit/page/index.php @@ -1,17 +1,16 @@ admin) +if (!$User->admin("edit {$Page->link}")) abort("geen beheersrechten", '401 unauthorised'); if ($_FILES) { $response = ['uploaded' => 0]; try { require_once('upload.inc.php'); - $datadir = implode('/', ['data', date('Y')]); - if ($Args) $datadir .= $Args; + $datadir = implode('/', ['data', date('Y'), $User->login]); + if ($Page->path) $datadir .= $Page->path; $target = userupload(@$_FILES['upload'], $datadir); if ($target) { + $target = "/thumb/640x/$target"; $response['fileName'] = $_FILES['upload']['name']; $response['url'] = str_replace('%2F', '/', urlencode($target)); $response['uploaded']++; @@ -44,12 +43,13 @@ if ($_FILES) { if (!$_POST) abort("niets te doen", '405 post error'); -if (!$Args) - abort("geen bestand aangeleverd", '409 input error'); -$filename = ltrim($Args, '/').'.html'; +$filename = trim($Page->path, '/') ?: 'index'; if (preg_match('{^\.}', $filename)) abort("ongeldige bestandsnaam: $filename", '403 input error'); +if (is_dir($filename) && !file_exists("$filename.html")) + $filename .= '/index'; +$filename .= '.html'; if (file_exists($filename) and !is_writable($filename)) abort("onwijzigbaar bestand: $filename", '403 input error'); @@ -71,7 +71,7 @@ if (!file_exists(dirname($filename)) and !mkdir(dirname($filename), 0777, TRUE)) if (!file_put_contents($filename, $upload)) abort("fout bij schrijven van $filename", '500 save error'); -if (is_writable('../.git')) { +if (is_writable('.git')) { $gitmsg = preg_replace('/\.html$/', '', $filename).": edit from {$_SERVER['REMOTE_ADDR']}"; $gitcmd = 'git'; $gitcmd .= ' -c user.name='.escapeshellarg($User->name ?: $User->login);