X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/ed38c6a76767a893a319f7bfd9229b0dad6b08db..b04f76050d54c67844d5d4026993f6fab0edeae5:/page.php diff --git a/page.php b/page.php index f4d6057..5eefadb 100644 --- a/page.php +++ b/page.php @@ -8,74 +8,6 @@ function abort($body, $status = NULL) { exit; } -function placeholder_include($name, $params = []) -{ - $path = stream_resolve_include_path("widget/$name.php"); - if (!file_exists($path)) { - return ''.$name.' ontbreekt'; - } - - ob_start(); - $Page = $GLOBALS['Page'] . $GLOBALS['Args']; - $Args = ''; - $Place = $GLOBALS['Place']; - foreach ($params as $param) { - if ($set = strpos($param, '=')) { - $Place[ substr($param, 0, $set) ] = substr($param, $set + 1); - } - elseif (!empty($param)) { - $Args .= '/'.$param; - } - } - try { - include "widget/$name.php"; - return ob_get_clean(); - } - catch (Exception $e) { - return sprintf('%s', - "fout in $name: {$e->getMessage()}" - ); - } -} - -function getoutput($blocks = []) -{ - $doc = ob_get_clean(); - - if (!empty($blocks['warn'])) { - $warn = '

[[warn]]

'; - if ($offset = strpos($doc, '')) { - $doc = substr_replace($doc, "\n\n".$warn, $offset + 5, 0); - } - else { - $doc = $warn . "\n\n" . $doc; - } - } - - # keep either login or logout parts depending on user level - global $User; - $hideclass = empty($User) ? 'login' : 'logout'; - $doc = preg_replace('{\s*<([a-z]+) class="'.$hideclass.'">.*?}s', '', $doc); - - return preg_replace_callback( - '{ (?%s', - is_numeric($name) ? '' : $placeholder, # edit replacement - preg_replace('{}', '', $html) # contents - ); - }, - $doc - ); -} - # custom error handling define('DOCROOT', getcwd()); @@ -83,16 +15,18 @@ set_include_path(implode(PATH_SEPARATOR, [ DOCROOT, __DIR__ ])); function fail($error) { - global $User, $Page, $Args; + global $User, $Page; http_response_code(500); - if (!isset($Article)) { - $Article = new ArchiveArticle(NULL); - $Article->title = 'Fout'; + if (!isset($Page)) { + require_once('article.inc.php'); + $Page = new ArchiveArticle(NULL); + $Page->title = 'Fout'; } include_once 'page.inc.php'; ob_start(); require '500.inc.html'; - print getoutput(['debug' => htmlspecialchars($error)]); + $Page->place['debug'] = htmlspecialchars($error); + print $Page->render(); } set_exception_handler('fail'); @@ -118,17 +52,15 @@ error_reporting(error_reporting() & ~E_FATAL); # user login and control -$User = NULL; -include_once 'auth.inc.php'; +include_once 'auth.inc.php'; // sets global $User $Edit = isset($_GET['edit']); # setup requested page -$Args = ''; -$Page = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']); -$Page = urldecode(trim($Page, '/')) ?: 'index'; +$request = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']); +$request = urldecode(trim($request, '/')) ?: 'index'; -$staticpage = "$Page.html"; +$staticpage = "$request.html"; if (file_exists($staticpage)) { if (is_link($staticpage)) { $target = preg_replace('/\.html$/', '', readlink($staticpage)); @@ -137,21 +69,18 @@ if (file_exists($staticpage)) { exit; } } -elseif (file_exists("$Page/index.html")) { - $staticpage = "$Page/index.html"; +elseif (file_exists("$request/index.html")) { + $staticpage = "$request/index.html"; } require_once('article.inc.php'); -$Article = new ArchiveArticle($staticpage); +$Page = new ArchiveArticle($staticpage); -$Page = $Article->handler; -$Args = $Article->path; - -if ($PageAccess = $Article->restricted) { +if ($Page->restricted) { # access restriction - if (empty($User)) { + if (!$User->login) { http_response_code(303); - $target = urlencode($Article->link); + $target = urlencode($Page->link); header("Location: /login?goto=$target"); exit; } @@ -159,34 +88,49 @@ if ($PageAccess = $Article->restricted) { # prepare page contents +header(sprintf('Content-Security-Policy: %s', implode('; ', [ + "default-src 'self' 'unsafe-inline' http://cdn.ckeditor.com", # some overrides remain + "img-src 'self' data: http://cdn.ckeditor.com", # inline svg (in css) + "base-uri 'self'", # only local pages + "frame-ancestors 'none'", # prevent malicious embedding +]))); + ob_start(); # page body -$Place = [ - 'user' => $User ? $User->login : '', +$Page->place += [ + 'user' => $User->login ?: '', 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), ]; -if (isset($Article->raw)) { - if ($User and $User->admin("edit $Page$Args")) { +if (!isset($Page->raw) and $User->admin("edit {$Page->link}")) { + # open bottom template as initial contents + $template = 'template.inc.html'; + if ($Page->handler and file_exists("{$Page->handler}/$template")) { + $template = "{$Page->handler}/$template"; + } + $Page->raw($template); + $Page->meta['article:published_time'] = date('Y-m-d h:i:s O'); + $Page->meta['article:author'] = '/' . $User->dir; +} + +if (isset($Page->raw)) { + if ($User->admin("edit {$Page->link}")) { # restore meta tags in static contents for editing - foreach (array_reverse($Article->meta) as $metaprop => $val) { - $Article->raw = sprintf( - ''."\n", + foreach (array_reverse($Page->meta) as $metaprop => $val) { + $Page->raw = sprintf( + ''."\n", $metaprop, $val - ) . $Article->raw; + ) . $Page->raw; } } - $Article->raw = '
'."\n\n".$Article->raw."
\n\n"; -} -elseif (!$Article->raw and $User and $User->admin("edit {$Article->link}")) { - $Article->raw(file_exists("$Page/template.inc.html") ? "$Page/template.inc.html" : 'template.inc.html'); + $Page->raw = '
'."\n\n".$Page->raw."
\n\n"; } # output dynamic and/or static html -if (!$Page or require("./$Page/index.php")) { +if (!$Page->handler or require("./{$Page->handler}/index.php")) { # static contents - if (isset($Article->raw)) { - print $Article->raw; + if (isset($Page->raw)) { + print $Page->raw; } else { # no resulting output