X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/8c48d7e676efc23118ce2631642126c869ce4efb..772961fd4e9be46ad340cad1e55ee5f28cc5b968:/page.php diff --git a/page.php b/page.php index e2043ed..a469a9d 100644 --- a/page.php +++ b/page.php @@ -2,33 +2,209 @@ error_reporting(E_ALL); ini_set('display_errors', TRUE); -$Args = ''; -$Page = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']); -$Page = urldecode(trim($Page, '/')) ?: 'index'; -while (TRUE) { - if (file_exists("$Page/index.html")) { - $Page .= '/index'; - break; +function abort($body, $status = NULL) { + if ($status) header("HTTP/1.1 $status"); + print "$body\n"; + exit; +} + +function placeholder_include($name, $params = []) +{ + $path = stream_resolve_include_path("widget/$name.php"); + if (!file_exists($path)) { + return ''.$name.' ontbreekt'; + } + + ob_start(); + $Page = clone $GLOBALS['Page']; + $Page->handler = $Page->handler . $Page->path; // .= with explicit getter + $Page->path = ''; + $Place = $GLOBALS['Place']; + foreach ($params as $param) { + if ($set = strpos($param, '=')) { + $Place[ substr($param, 0, $set) ] = substr($param, $set + 1); + } + elseif (!empty($param)) { + $Page->path .= '/'.$param; + } } - if (file_exists("$Page.html")) { - break; + $Page->link .= $Page->path; + try { + include "widget/$name.php"; + return ob_get_clean(); } - if (file_exists("$Page.php")) { - # unformatted script override - require "$Page.php"; - break; + catch (Exception $e) { + return sprintf('%s', + "fout in $name: {$e->getMessage()}" + ); } +} - $up = strrpos($Page, '/'); - if ($up === FALSE) { - http_response_code(404); - $Page = '404'; - break; +function getoutput($blocks = []) +{ + $doc = ob_get_clean(); + + if (!empty($blocks['warn'])) { + $warn = '

[[warn]]

'; + if ($offset = strpos($doc, '')) { + $doc = substr_replace($doc, "\n\n".$warn, $offset + 5, 0); + } + else { + $doc = $warn . "\n\n" . $doc; + } + } + + # keep either login or logout parts depending on user level + global $User; + $hideclass = $User && property_exists($User, 'login') && $User->login ? 'logout' : 'login'; + $doc = preg_replace('{\s*<([a-z]+) class="'.$hideclass.'">.*?}s', '', $doc); + + return preg_replace_callback( + '{ \[\[ ([^] ]+) ([^]]*) \]\] }x', + function ($sub) use ($blocks) { + list ($placeholder, $name, $params) = $sub; + $html = $blocks[$name] ?? + placeholder_include($name, explode(' ', $params)); + if (empty($html) or $html[0] != '<') { + $html = "$html"; + } + $attr = sprintf(' data-dyn="%s"', is_numeric($name) ? '' : $name.$params); + # contents with identifier in first tag + return preg_replace( '/(?=>)/', $attr, $html, 1); + }, + $doc + ); +} + +# custom error handling + +define('DOCROOT', getcwd()); +set_include_path(implode(PATH_SEPARATOR, [ DOCROOT, __DIR__ ])); + +function fail($error) +{ + global $User, $Page; + http_response_code(500); + if (!isset($Page)) { + require_once('article.inc.php'); + $Page = new ArchiveArticle(NULL); + $Page->title = 'Fout'; } - $Args = substr($Page, $up) . $Args; - $Page = substr($Page, 0, $up); + include_once 'page.inc.php'; + ob_start(); + require '500.inc.html'; + print getoutput(['debug' => htmlspecialchars($error)]); } +set_exception_handler('fail'); + +define('E_FATAL', E_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR); + +set_error_handler(function ($level, $error, $file, $line) { + if ($level & E_FATAL) { + fail($error); + return; + } + return FALSE; +}); + +register_shutdown_function(function () { + # display failure page for fatal exceptions + $error = error_get_last(); + if (!($error['type'] & E_FATAL)) return; + fail("Fatal: $error[message] in $error[file]:$error[line]"); +}); + +error_reporting(error_reporting() & ~E_FATAL); + +# user login and control + +include_once 'auth.inc.php'; // sets global $User $Edit = isset($_GET['edit']); -include 'head.inc.php'; +# setup requested page + +$request = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']); +$request = urldecode(trim($request, '/')) ?: 'index'; + +$staticpage = "$request.html"; +if (file_exists($staticpage)) { + if (is_link($staticpage)) { + $target = preg_replace('/\.html$/', '', readlink($staticpage)); + header("HTTP/1.1 302 Shorthand"); + header("Location: $target"); + exit; + } +} +elseif (file_exists("$request/index.html")) { + $staticpage = "$request/index.html"; +} + +require_once('article.inc.php'); +$Page = new ArchiveArticle($staticpage); + +if ($Page->restricted) { + # access restriction + if (!$User->login) { + http_response_code(303); + $target = urlencode($Page->link); + header("Location: /login?goto=$target"); + exit; + } +} + +# prepare page contents + +header(sprintf('Content-Security-Policy: %s', implode('; ', [ + "default-src 'self' 'unsafe-inline' http://cdn.ckeditor.com", # some overrides remain + "img-src 'self' data: http://cdn.ckeditor.com", # inline svg (in css) + "base-uri 'self'", # only local pages + "frame-ancestors 'none'", # prevent malicious embedding +]))); + +ob_start(); # page body +$Place = [ + 'user' => $User->login ?: '', + 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), +]; + +if (!isset($Page->raw) and $User->admin("edit {$Page->link}")) { + # open bottom template as initial contents + $template = 'template.inc.html'; + if ($Page->handler and file_exists("{$Page->handler}/$template")) { + $template = "{$Page->handler}/$template"; + } + $Page->raw($template); + $Page->meta['article:published_time'] = date('Y-m-d h:i:s O'); + $Page->meta['article:author'] = '/' . $User->dir; +} + +if (isset($Page->raw)) { + if ($User->admin("edit {$Page->link}")) { + # restore meta tags in static contents for editing + foreach (array_reverse($Page->meta) as $metaprop => $val) { + $Page->raw = sprintf( + ''."\n", + $metaprop, $val + ) . $Page->raw; + } + } + $Page->raw = '
'."\n\n".$Page->raw."
\n\n"; +} + +# output dynamic and/or static html + +if (!$Page->handler or require("./{$Page->handler}/index.php")) { + # static contents + if (isset($Page->raw)) { + print $Page->raw; + } + else { + # no resulting output + http_response_code(404); + @require '404.inc.html'; + } +} + +include_once 'page.inc.php'; +