X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/d25b72d1e59591449d5efeea4b4063d250ebb1a8..7983570288ed2798470a552ec04f64aa646b664a:/page.php diff --git a/page.php b/page.php index 9acacc2..d5c78cd 100644 --- a/page.php +++ b/page.php @@ -2,70 +2,177 @@ error_reporting(E_ALL); ini_set('display_errors', TRUE); -set_exception_handler(function ($error) { - include_once 'page.inc.php'; - include_once '500.php'; -}); +function abort($body, $status = NULL) { + if ($status) header("HTTP/1.1 $status"); + print "$body\n"; + exit; +} -include_once 'auth.inc.php'; -$Edit = isset($_GET['edit']); +function getoutput($blocks = []) +{ + $doc = ob_get_clean(); + + if (!empty($blocks['warn'])) { + $warn = '

[[warn]]

'; + if ($offset = strpos($doc, '')) { + $doc = substr_replace($doc, "\n\n".$warn, $offset + 5, 0); + } + else { + $doc = $warn . "\n\n" . $doc; + } + } + + # keep either login or logout parts depending on user level + global $User; + $hideclass = $User && property_exists($User, 'login') && $User->login ? 'logout' : 'login'; + $doc = preg_replace('{\s*<([a-z]+) class="'.$hideclass.'">.*?}s', '', $doc); + + return preg_replace_callback( + '{ \[\[ ([^] ]+) ([^]]*) \]\] }x', + function ($sub) use ($blocks) { + list ($placeholder, $name, $params) = $sub; + $html = $blocks[$name] ?? + placeholder_include($name, explode(' ', $params)); + if (empty($html) or $html[0] != '<') { + $html = "$html"; + } + $attr = sprintf(' data-dyn="%s"', is_numeric($name) ? '' : $name.$params); + # contents with identifier in first tag + return preg_replace( '/(?=>)/', $attr, $html, 1); + }, + $doc + ); +} -# distinguish subpage Args from topmost Page script +# custom error handling -$Args = ''; -$Page = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']); -$Page = urldecode(trim($Page, '/')) ?: 'index'; -while (TRUE) { - if (file_exists("$Page.php")) { - break; - } +define('DOCROOT', getcwd()); +set_include_path(implode(PATH_SEPARATOR, [ DOCROOT, __DIR__ ])); - $up = strrpos($Page, '/'); - $Args = substr($Page, $up) . $Args; - $Page = substr($Page, 0, $up); - if ($up === FALSE) { - break; +function fail($error) +{ + global $User, $Page; + http_response_code(500); + if (!isset($Page)) { + require_once('article.inc.php'); + $Page = new ArchiveArticle(NULL); + $Page->title = 'Fout'; } + include_once 'page.inc.php'; + ob_start(); + require '500.inc.html'; + print getoutput(['debug' => htmlspecialchars($error)]); } -# execute dynamic code +set_exception_handler('fail'); -$prepend = $append = ''; -if ($Page) { - require "./$Page.php"; - if (ob_get_level() > 1) $append = ob_get_clean(); - if (ob_get_level() > 0) $prepend = ob_get_clean(); -} +define('E_FATAL', E_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR); + +set_error_handler(function ($level, $error, $file, $line) { + if ($level & E_FATAL) { + fail($error); + return; + } + return FALSE; +}); + +register_shutdown_function(function () { + # display failure page for fatal exceptions + $error = error_get_last(); + if (!($error['type'] & E_FATAL)) return; + fail("Fatal: $error[message] in $error[file]:$error[line]"); +}); -# prepare static contents +error_reporting(error_reporting() & ~E_FATAL); -include_once 'page.inc.php'; # global html +# user login and control -if (file_exists("$Page$Args/index.html")) { - $Args .= '/index'; +include_once 'auth.inc.php'; // sets global $User +$Edit = isset($_GET['edit']); + +# setup requested page + +$request = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']); +$request = urldecode(trim($request, '/')) ?: 'index'; + +$staticpage = "$request.html"; +if (file_exists($staticpage)) { + if (is_link($staticpage)) { + $target = preg_replace('/\.html$/', '', readlink($staticpage)); + header("HTTP/1.1 302 Shorthand"); + header("Location: $target"); + exit; + } +} +elseif (file_exists("$request/index.html")) { + $staticpage = "$request/index.html"; } -if (!$Page and !file_exists("$Page$Args.html")) { - # include not found - $Args = ''; - if (isset($User) and $User['admin']) { - $Page = 'template'; +require_once('article.inc.php'); +$Page = new ArchiveArticle($staticpage); + +if ($Page->restricted) { + # access restriction + if (!$User->login) { + http_response_code(303); + $target = urlencode($Page->link); + header("Location: /login?goto=$target"); + exit; } - else { - $Page = '404'; - require "./$Page.php"; +} + +# prepare page contents + +header(sprintf('Content-Security-Policy: %s', implode('; ', [ + "default-src 'self' 'unsafe-inline' http://cdn.ckeditor.com", # some overrides remain + "img-src 'self' data: http://cdn.ckeditor.com", # inline svg (in css) + "base-uri 'self'", # only local pages + "frame-ancestors 'none'", # prevent malicious embedding +]))); + +ob_start(); # page body +$Place = [ + 'user' => $User->login ?: '', + 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), +]; + +if (!isset($Page->raw) and $User->admin("edit {$Page->link}")) { + # open bottom template as initial contents + $template = 'template.inc.html'; + if ($Page->handler and file_exists("{$Page->handler}/$template")) { + $template = "{$Page->handler}/$template"; } + $Page->raw($template); + $Page->meta['article:published_time'] = date('Y-m-d h:i:s O'); + $Page->meta['article:author'] = '/' . $User->dir; } -# output prepared html +if (isset($Page->raw)) { + if ($User->admin("edit {$Page->link}")) { + # restore meta tags in static contents for editing + foreach (array_reverse($Page->meta) as $metaprop => $val) { + $Page->raw = sprintf( + ''."\n", + $metaprop, $val + ) . $Page->raw; + } + } + $Page->raw = '
'."\n\n".$Page->raw."
\n\n"; +} -print $prepend; +# output dynamic and/or static html -print '
'."\n\n"; -if (file_exists("$Page$Args.html")) { -include "./$Page$Args.html"; # static contents +if (!$Page->handler or require("./{$Page->handler}/index.php")) { + # static contents + if (isset($Page->raw)) { + print $Page->raw; + } + else { + # no resulting output + http_response_code(404); + @require '404.inc.html'; + } } -print "
\n\n"; -print $append; +include_once 'page.inc.php';