X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/effb5f39f873af6e83f65ec3bce4c6d6b3a0fac3..04a1a7a24edbf8423a48f51609d545a5a7a3eb42:/page.php diff --git a/page.php b/page.php index 35a810a..e634a38 100644 --- a/page.php +++ b/page.php @@ -16,9 +16,7 @@ $staticpage = "$request.html"; if (file_exists($staticpage)) { if (is_link($staticpage)) { $target = preg_replace('/\.html$/', '', readlink($staticpage)); - header("HTTP/1.1 302 Shorthand"); - header("Location: $target"); - exit; + abort($target, '307 Shorthand'); } } elseif (file_exists("$request/index.html")) { @@ -28,6 +26,10 @@ elseif (file_exists("$request/index.html")) { require_once('article.inc.php'); $Page = new ArchiveArticle($staticpage); +if (@$_SERVER['HTTP_ACCEPT'] === 'text/plain') { + $Page->api = TRUE; +} + # user login and control include_once 'auth.inc.php'; // sets global $User @@ -35,10 +37,8 @@ include_once 'auth.inc.php'; // sets global $User if ($Page->restricted) { # access restriction if (!$User->login) { - http_response_code(303); $target = urlencode($Page->link); - header("Location: /login?goto=$target"); - exit; + abort("/login?goto=$target", '303 Eerst inloggen'); } } @@ -50,17 +50,19 @@ header(sprintf('Content-Security-Policy: %s', implode('; ', [ "base-uri 'self'", # only local pages "frame-ancestors 'none'", # prevent malicious embedding ]))); +header('Referrer-Policy: no-referrer-when-downgrade'); $Page->place += [ 'user' => $User->login ?: '', 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), ]; -if ($User->admin("edit {$Page->link}")) { +if ($Page->editable = $User->admin("edit {$Page->link}")) { include_once 'edit/head.inc.php'; } -if (isset($Page->raw)) { +if (isset($Page->raw) +and @$_SERVER['HTTP_ACCEPT'] !== 'application/xml') { $Page->raw = '