X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/fe92ec8f17c832c4a663aea399dc90a4c09ce6b1..621fc2f9638a1a92aa8535310e7852de5542f11e:/page.php diff --git a/page.php b/page.php index 059b615..bb2de0b 100644 --- a/page.php +++ b/page.php @@ -8,6 +8,36 @@ function abort($body, $status = NULL) { exit; } +function placeholder_include($name, $params = []) +{ + $path = stream_resolve_include_path("widget/$name.php"); + if (!file_exists($path)) { + return ''.$name.' ontbreekt'; + } + + ob_start(); + $Page = $GLOBALS['Page'] . $GLOBALS['Args']; + $Args = ''; + $Place = $GLOBALS['Place']; + foreach ($params as $param) { + if ($set = strpos($param, '=')) { + $Place[ substr($param, 0, $set) ] = substr($param, $set + 1); + } + elseif (!empty($param)) { + $Args .= '/'.$param; + } + } + try { + include "widget/$name.php"; + return ob_get_clean(); + } + catch (Exception $e) { + return sprintf('%s', + "fout in $name: {$e->getMessage()}" + ); + } +} + function getoutput($blocks = []) { $doc = ob_get_clean(); @@ -22,15 +52,20 @@ function getoutput($blocks = []) } } + # keep either login or logout parts depending on user level + global $User; + $hideclass = $User && $User->login ? 'logout' : 'login'; + $doc = preg_replace('{\s*<([a-z]+) class="'.$hideclass.'">.*?}s', '', $doc); + return preg_replace_callback( - '< \[\[ ([^]]*) \]\] >x', + '{ (?'.$name.' ontbreekt'; + $html = placeholder_include($name, explode(' ', $params)); } return sprintf('%s', is_numeric($name) ? '' : $placeholder, # edit replacement @@ -43,15 +78,21 @@ function getoutput($blocks = []) # custom error handling -define('DOCROOT', getcwd().'/'); +define('DOCROOT', getcwd()); +set_include_path(implode(PATH_SEPARATOR, [ DOCROOT, __DIR__ ])); function fail($error) { + global $User, $Page, $Args; http_response_code(500); + if (!isset($Article)) { + $Article = new ArchiveArticle(NULL); + $Article->title = 'Fout'; + } include_once 'page.inc.php'; ob_start(); - require_once DOCROOT.'500.html'; - print getoutput(['debug' => $error]); + require '500.inc.html'; + print getoutput(['debug' => htmlspecialchars($error)]); } set_exception_handler('fail'); @@ -77,72 +118,90 @@ error_reporting(error_reporting() & ~E_FATAL); # user login and control -include_once 'auth.inc.php'; +include_once 'auth.inc.php'; // sets global $User $Edit = isset($_GET['edit']); -# distinguish subpage Args from topmost Page script +# setup requested page $Args = ''; $Page = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']); $Page = urldecode(trim($Page, '/')) ?: 'index'; -while (TRUE) { - if (file_exists("$Page/.private")) { - # access restriction - if (empty($User)) { - http_response_code(303); - $target = urlencode($_SERVER['REQUEST_URI']); - header("Location: /login?goto=$target"); - exit; - } - $PageAccess = $Page; - } - if (file_exists("$Page/index.php")) { - break; +$staticpage = "$Page.html"; +if (file_exists($staticpage)) { + if (is_link($staticpage)) { + $target = preg_replace('/\.html$/', '', readlink($staticpage)); + header("HTTP/1.1 302 Shorthand"); + header("Location: $target"); + exit; } +} +elseif (file_exists("$Page/index.html")) { + $staticpage = "$Page/index.html"; +} + +require_once('article.inc.php'); +$Article = new ArchiveArticle($staticpage); + +$Page = $Article->handler; +$Args = $Article->path; - $up = strrpos($Page, '/'); - $Args = substr($Page, $up) . $Args; - $Page = substr($Page, 0, $up); - if ($up === FALSE) { - break; +if ($PageAccess = $Article->restricted) { + # access restriction + if (!$User->login) { + http_response_code(303); + $target = urlencode($Article->link); + header("Location: /login?goto=$target"); + exit; } } -# load static contents +# prepare page contents -ob_start(); # page body -ob_start(); # inner html -print '
'."\n\n"; +header(sprintf('Content-Security-Policy: %s', implode('; ', [ + "default-src 'self' 'unsafe-inline' http://cdn.ckeditor.com", # some overrides remain + "img-src 'self' data: http://cdn.ckeditor.com", # inline svg (in css) + "base-uri 'self'", # only local pages + "frame-ancestors 'none'", # prevent malicious embedding +]))); -$found = FALSE; -if (file_exists("$Page$Args.html")) { - $found = include "./$Page$Args.html"; +ob_start(); # page body +$Place = [ + 'user' => $User->login ?: '', + 'url' => htmlspecialchars($_SERVER['REQUEST_URI']), +]; + +if (isset($Article->raw)) { + if ($User->admin("edit $Page$Args")) { + # restore meta tags in static contents for editing + foreach (array_reverse($Article->meta) as $metaprop => $val) { + $Article->raw = sprintf( + ''."\n", + $metaprop, $val + ) . $Article->raw; + } + } } -elseif (file_exists("$Page$Args/index.html")) { - $found = include "./$Page$Args/index.html"; +elseif ($User->admin("edit {$Article->link}")) { + $Article->raw(file_exists("$Page/template.inc.html") ? "$Page/template.inc.html" : 'template.inc.html'); } -elseif (!empty($User['admin'])) { - $found = include (file_exists("$Page/template.html") ? "$Page/template.html" : './template.html'); +if (isset($Article->raw)) { + $Article->raw = '
'."\n\n".$Article->raw."
\n\n"; } -print "
\n\n"; +# output dynamic and/or static html -# execute dynamic code - -if ($Page) { - $found |= require "./$Page/index.php"; +if (!$Page or require("./$Page/index.php")) { + # static contents + if (isset($Article->raw)) { + print $Article->raw; + } + else { + # no resulting output + http_response_code(404); + @require '404.inc.html'; + } } -# global html - include_once 'page.inc.php'; -if (!$found) { - # no resulting output - http_response_code(404); - ob_start(); - @require "./404.html"; - print getoutput([ 'url' => htmlspecialchars($_SERVER['REQUEST_URI']) ]); -} -