page: ignore output buffer in article render

Operate on object property [raw] only.

Stops preliminary output (such as in nieuws code) being injected inside the
html body, probably something to restore later for improved behaviour of
errors and broken code.

diff --git a/article.inc.php b/article.inc.php
index cff69ffdec449dcd44fccd1299abc2a793aa1d3e..47a08a7eb67ced8af7a9d30704c61414f91c1797 100644 (file)
--- a/article.inc.php
+++ b/article.inc.php
@@ -207,7 +207,7 @@ class ArchiveArticle
 
        function render()
        {
-               $doc = ob_get_clean();
+               $doc = $this->raw;
 
                if (!empty($this->place['warn'])) {
                        $warn = '<p class="warn">[[warn]]</p>';

diff --git a/nieuws/index.php b/nieuws/index.php
index f6e63a449c7b6377ff58559f56a09b0a5bf88f05..33b61fb49885f00c56f46de82f2f6d78cd37dde8 100644 (file)
--- a/nieuws/index.php
+++ b/nieuws/index.php
@@ -3,7 +3,7 @@ $replyform = $Page->handler == 'melding' && $User->login;
 @list ($year, $page) = explode('/', trim($Page->path, '/'));
 
 if ($User->admin("edit {$Page->handler}")) {
-       print '<script src="/nieuws/edit.js"></script>'."\n";
+       $Page->raw = '<script src="/nieuws/edit.js"></script>'."\n" . $Page->raw;
 }
 
 if ($page and !is_numeric($page)) {

diff --git a/page.inc.php b/page.inc.php
index afaa970868493fc3f509966f11576e47a3e3c64b..8eba91bdac04d80ccd3f8566197e67fe476cbee8 100644 (file)
--- a/page.inc.php
+++ b/page.inc.php
@@ -1,12 +1,8 @@
 <?php
-$body = $Page->render();
-
 include_once 'head.inc.php';
 
 print "<header>\n";
-ob_start();
 $menu = new ArchiveArticle('menu.inc.html');
-print $menu->raw;
 ob_start();
 if ($User and property_exists($User, 'login') and $User->login) {
        print '<div class="login"><p>';
@@ -41,7 +37,7 @@ $nav = preg_replace_callback('{<a href="([^"]+)">(.*?)</a>}', function ($m) {
 print $nav;
 print "</header>\n\n";
 
-print $body;
+print $Page->render();
 
 register_shutdown_function(function () {
        print '<footer>';

diff --git a/page.php b/page.php
index 5eefadb5c8870e13ad8eeb045dce849f1ff258c3..8d2d01c1f3b7852d58db9a3ed283fb9dcd055a7c 100644 (file)
--- a/page.php
+++ b/page.php
@@ -23,9 +23,11 @@ function fail($error)
                $Page->title = 'Fout';
        }
        include_once 'page.inc.php';
+
        ob_start();
        require '500.inc.html';
        $Page->place['debug'] = htmlspecialchars($error);
+       $Page->raw = ob_get_clean();
        print $Page->render();
 }
 
@@ -95,7 +97,6 @@ header(sprintf('Content-Security-Policy: %s', implode('; ', [
        "frame-ancestors 'none'", # prevent malicious embedding
 ])));
 
-ob_start(); # page body
 $Page->place += [
        'user'  => $User->login ?: '',
        'url'   => htmlspecialchars($_SERVER['REQUEST_URI']),
@@ -127,15 +128,18 @@ if (isset($Page->raw)) {
 
 # output dynamic and/or static html
 
-if (!$Page->handler or require("./{$Page->handler}/index.php")) {
-       # static contents
-       if (isset($Page->raw)) {
-               print $Page->raw;
-       }
-       else {
+ob_start();
+if ($Page->handler and !require("./{$Page->handler}/index.php")) {
+       # replace contents by code output on false return
+       $Page->raw = ob_get_clean();
+}
+else {
+       # keep article contents
+       if (!isset($Page->raw)) {
                # no resulting output
                http_response_code(404);
                @require '404.inc.html';
+               $Page->raw = ob_get_clean();
        }
 }
 

diff --git a/widget/nieuws.php b/widget/nieuws.php
index 7185036121902fc2b4e946197282b9f28b583c06..9cf427cf23bfad67d8b47d92f09dd97f6e627363 100644 (file)
--- a/widget/nieuws.php
+++ b/widget/nieuws.php
@@ -74,4 +74,5 @@ if (@$Page->place['view'] === 'toc') {
 }
 ob_start();
 shownews($articles, @$Page->place['n'] ?: 5);
+$Page->raw = ob_get_clean();
 print $Page->render();

diff --git a/widget/page.php b/widget/page.php
index 7304739e4fc2443b369f73382a87df5ada41ee24..37c31fa1be68ca6b4a58a7d8ec94374956763406 100644 (file)
--- a/widget/page.php
+++ b/widget/page.php
@@ -1,5 +1,3 @@
 <?php
 $article = new ArchiveArticle(".{$Page->path}.html");
-ob_start();
-print $article->raw;
 print $article->render();