X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/d3d149e5d0a1dd80333077966c1b9d12fd18a87a..b04f76050d54c67844d5d4026993f6fab0edeae5:/page.php diff --git a/page.php b/page.php index b160e45..5eefadb 100644 --- a/page.php +++ b/page.php @@ -8,66 +8,25 @@ function abort($body, $status = NULL) { exit; } -function getoutput($blocks = []) -{ - $doc = ob_get_clean(); - - if (!empty($blocks['warn'])) { - $warn = '

[[warn]]

'; - if ($offset = strpos($doc, '')) { - $doc = substr_replace($doc, "\n\n".$warn, $offset + 5, 0); - } - else { - $doc = $warn . "\n\n" . $doc; - } - } - - return preg_replace_callback( - '< \[\[ ([^] ]+) ([^]]*) \]\] >x', - function ($sub) use ($blocks) { - list ($placeholder, $name, $params) = $sub; - if (isset($blocks[$name])) { - $html = $blocks[$name]; - } - elseif (file_exists("$name.php")) { - ob_start(); - $Page = $GLOBALS['Page'] . $GLOBALS['Args']; - $Args = ''; - $Place = $GLOBALS['Place']; - foreach (explode(' ', $params) as $param) { - if ($set = strpos($param, '=')) { - $Place[ substr($param, 0, $set) ] = substr($param, $set + 1); - } - elseif (!empty($param)) { - $Args .= '/'.$param; - } - } - include "$name.php"; - $html = ob_get_clean(); - } - else { - $html = ''.$name.' ontbreekt'; - } - return sprintf('%s', - is_numeric($name) ? '' : $placeholder, # edit replacement - preg_replace('{}', '', $html) # contents - ); - }, - $doc - ); -} - # custom error handling -define('DOCROOT', getcwd().'/'); +define('DOCROOT', getcwd()); +set_include_path(implode(PATH_SEPARATOR, [ DOCROOT, __DIR__ ])); function fail($error) { + global $User, $Page; http_response_code(500); + if (!isset($Page)) { + require_once('article.inc.php'); + $Page = new ArchiveArticle(NULL); + $Page->title = 'Fout'; + } include_once 'page.inc.php'; ob_start(); - require_once DOCROOT.'500.html'; - print getoutput(['debug' => $error]); + require '500.inc.html'; + $Page->place['debug'] = htmlspecialchars($error); + print $Page->render(); } set_exception_handler('fail'); @@ -93,76 +52,91 @@ error_reporting(error_reporting() & ~E_FATAL); # user login and control -include_once 'auth.inc.php'; +include_once 'auth.inc.php'; // sets global $User $Edit = isset($_GET['edit']); -# distinguish subpage Args from topmost Page script - -$Args = ''; -$Page = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']); -$Page = urldecode(trim($Page, '/')) ?: 'index'; -while (TRUE) { - if (file_exists("$Page/.private")) { - # access restriction - if (empty($User)) { - http_response_code(303); - $target = urlencode($_SERVER['REQUEST_URI']); - header("Location: /login?goto=$target"); - exit; - } - $PageAccess = $Page; - } +# setup requested page - if (file_exists("$Page/index.php")) { - break; - } +$request = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']); +$request = urldecode(trim($request, '/')) ?: 'index'; - $up = strrpos($Page, '/'); - $Args = substr($Page, $up) . $Args; - $Page = substr($Page, 0, $up); - if ($up === FALSE) { - break; +$staticpage = "$request.html"; +if (file_exists($staticpage)) { + if (is_link($staticpage)) { + $target = preg_replace('/\.html$/', '', readlink($staticpage)); + header("HTTP/1.1 302 Shorthand"); + header("Location: $target"); + exit; } } +elseif (file_exists("$request/index.html")) { + $staticpage = "$request/index.html"; +} -# load static contents - -ob_start(); # page body -ob_start(); # inner html -print '
'."\n\n"; +require_once('article.inc.php'); +$Page = new ArchiveArticle($staticpage); -$found = FALSE; -if (file_exists("$Page$Args.html")) { - $found = include "./$Page$Args.html"; -} -elseif (file_exists("$Page$Args/index.html")) { - $found = include "./$Page$Args/index.html"; -} -elseif (!empty($User['admin'])) { - $found = include (file_exists("$Page/template.html") ? "$Page/template.html" : './template.html'); +if ($Page->restricted) { + # access restriction + if (!$User->login) { + http_response_code(303); + $target = urlencode($Page->link); + header("Location: /login?goto=$target"); + exit; + } } -print "
\n\n"; +# prepare page contents -# execute dynamic code +header(sprintf('Content-Security-Policy: %s', implode('; ', [ + "default-src 'self' 'unsafe-inline' http://cdn.ckeditor.com", # some overrides remain + "img-src 'self' data: http://cdn.ckeditor.com", # inline svg (in css) + "base-uri 'self'", # only local pages + "frame-ancestors 'none'", # prevent malicious embedding +]))); -$Place = []; +ob_start(); # page body +$Page->place += [ + 'user' => $User->login ?: '', + 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), +]; -if ($Page) { - $found |= require "./$Page/index.php"; +if (!isset($Page->raw) and $User->admin("edit {$Page->link}")) { + # open bottom template as initial contents + $template = 'template.inc.html'; + if ($Page->handler and file_exists("{$Page->handler}/$template")) { + $template = "{$Page->handler}/$template"; + } + $Page->raw($template); + $Page->meta['article:published_time'] = date('Y-m-d h:i:s O'); + $Page->meta['article:author'] = '/' . $User->dir; } -$Place += [ - 'user' => empty($User) ? '' : $User['name'], - 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), -]; +if (isset($Page->raw)) { + if ($User->admin("edit {$Page->link}")) { + # restore meta tags in static contents for editing + foreach (array_reverse($Page->meta) as $metaprop => $val) { + $Page->raw = sprintf( + ''."\n", + $metaprop, $val + ) . $Page->raw; + } + } + $Page->raw = '
'."\n\n".$Page->raw."
\n\n"; +} -# global html +# output dynamic and/or static html -if (!$found) { - # no resulting output - http_response_code(404); - @require "./404.html"; +if (!$Page->handler or require("./{$Page->handler}/index.php")) { + # static contents + if (isset($Page->raw)) { + print $Page->raw; + } + else { + # no resulting output + http_response_code(404); + @require '404.inc.html'; + } } include_once 'page.inc.php';