Mischa POSLAWSKY [Wed, 13 Sep 2017 18:03:32 +0000 (20:03 +0200)]
edit: replace executable check by filename validation
No more distinction in php files; prefer a-x.
Mischa POSLAWSKY [Wed, 13 Sep 2017 15:16:03 +0000 (17:16 +0200)]
page: return 500 status and page on php exceptions
Significantly catch syntax errors in editor saves.
Mischa POSLAWSKY [Wed, 13 Sep 2017 11:44:27 +0000 (13:44 +0200)]
page: rework script control
Do not match *.html contents to subrequests, only traverse parents for *.php
scripts which now support an additional output layer for appended output.
This allows parent code to prepare how its subpages will be displayed
(for example, a news directory can surround static articles with metadata).
Mischa POSLAWSKY [Wed, 13 Sep 2017 02:04:12 +0000 (04:04 +0200)]
login: avoid php notice on missing user
Mischa POSLAWSKY [Wed, 13 Sep 2017 02:00:59 +0000 (04:00 +0200)]
edit: toggle editor dynamically
Replace predetermined ?edit mode by javascript activation link in header.
Same results without page reload.
Mischa POSLAWSKY [Wed, 13 Sep 2017 02:00:15 +0000 (04:00 +0200)]
edit: distinct admin template for missing pages
Similar results to javascript modification but much easier to maintain.
Mischa POSLAWSKY [Tue, 12 Sep 2017 21:40:13 +0000 (23:40 +0200)]
page: exclude dynamic output from article container
Restrict editor to only static contents.
Mischa POSLAWSKY [Tue, 12 Sep 2017 21:39:35 +0000 (23:39 +0200)]
login: replace http authentication by cookie system
Extend PHP_AUTH/.htpasswd parser to also control input and storage
for complete control. No longer shares Apache access control; should be
replaced if still needed to prevent duplicate login requests.
Mischa POSLAWSKY [Tue, 12 Sep 2017 19:07:05 +0000 (21:07 +0200)]
page: include path in page includes
Prefer site customisations over minimedit defaults.
Mischa POSLAWSKY [Tue, 12 Sep 2017 18:56:23 +0000 (20:56 +0200)]
page: rename head includes
Site specific header from head.inc.html to head.inc.php to allow code,
replacing generic page container renamed to more appropriate page.inc.php.
Mischa POSLAWSKY [Tue, 12 Sep 2017 18:36:11 +0000 (20:36 +0200)]
page: skip head formatting for script overrides (edit)
Can be included explicitly if wanted.
Mischa POSLAWSKY [Tue, 12 Sep 2017 00:40:41 +0000 (02:40 +0200)]
page: global var to indicate edit mode
Mischa POSLAWSKY [Tue, 12 Sep 2017 00:19:31 +0000 (02:19 +0200)]
page: replace links to current page in menu include
Replaces similar client-side javascript on Excelsior for direct/static
results.
Mischa POSLAWSKY [Tue, 12 Sep 2017 00:16:37 +0000 (02:16 +0200)]
page: wrap menu in header container
Mischa POSLAWSKY [Tue, 12 Sep 2017 00:08:06 +0000 (02:08 +0200)]
page: route requests through global php handler
Move contents of all *.php pages to source *.html, to be included by
page.php depending on requested path. Dynamic contents can optionally be
added by corresponding *.php includes.
Mischa POSLAWSKY [Mon, 11 Sep 2017 23:57:41 +0000 (01:57 +0200)]
page: split head/foot includes
Separate menu.html for site-specific navigation from head.inc.html,
and move mandatory div/body closing tags out of foot.inc.php.
Mischa POSLAWSKY [Tue, 11 Jul 2017 16:13:46 +0000 (18:13 +0200)]
logout: clear user var to prevent disallowed edit option
Mischa POSLAWSKY [Tue, 11 Jul 2017 15:30:57 +0000 (17:30 +0200)]
login: replace page editability var by admin status
Code cleanup, same results.
Mischa POSLAWSKY [Tue, 11 Jul 2017 15:25:57 +0000 (17:25 +0200)]
page: authorise user logins at page start
Move from foot to head to allow usage in all pages.
Mischa POSLAWSKY [Tue, 11 Jul 2017 15:04:38 +0000 (17:04 +0200)]
login: custom welcome page after login
Mischa POSLAWSKY [Tue, 11 Jul 2017 15:57:03 +0000 (17:57 +0200)]
login: separate logout page
Move login fallback to a distinct page to allow forced relogin.
Mischa POSLAWSKY [Mon, 10 Jul 2017 04:49:41 +0000 (06:49 +0200)]
login: emulate apache authentication to check admin login
Send 401 response until user validates as admin (replacing ip whitelisting).
Assume all users except for generic 'lid' are allowed.
Mischa POSLAWSKY [Mon, 10 Jul 2017 03:20:16 +0000 (05:20 +0200)]
page: move client authentication to php include
Mischa POSLAWSKY [Tue, 11 Jul 2017 16:19:47 +0000 (18:19 +0200)]
edit: root include from parent directory on subpages
Mischa POSLAWSKY [Mon, 10 Jul 2017 01:52:57 +0000 (03:52 +0200)]
rename all html files to php
Server permissions to set "AddHandler application/x-httpd-php html"
may not be available. Appropriate extension should work everywhere.
Mischa POSLAWSKY [Mon, 10 Jul 2017 02:09:49 +0000 (04:09 +0200)]
convert ssi html files to php code
Replace includes by equivalent php: single head.inc.php sets up same static
head.inc.html but with mandatory edit container, and existing foot.inc.php
(similar ssi variant no longer needed).
Requires httpd to change .html handler from server-parsed (ssi) to
application/x-httpd-php.
Mischa POSLAWSKY [Mon, 10 Jul 2017 01:36:40 +0000 (03:36 +0200)]
edit: emulate ip authentication in php footer
Equivalent to .htaccess rules for SSI foot.inc.html.
Mischa POSLAWSKY [Mon, 10 Jul 2017 02:44:38 +0000 (04:44 +0200)]
edit: detect executable files as uneditable
Mischa POSLAWSKY [Mon, 10 Jul 2017 01:49:44 +0000 (03:49 +0200)]
404: convert error pages to php code
Only remaining usage of SSI aside from head/foot inclusion.
Mischa POSLAWSKY [Mon, 8 May 2017 09:30:26 +0000 (11:30 +0200)]
edit: drop php shebangs
Output literally in certain configurations, including on Xenat servers after
recent upgrade.
Mischa POSLAWSKY [Wed, 17 Aug 2016 19:58:19 +0000 (21:58 +0200)]
edit: drop executable bits to mark non-editable
Assume CGI compatibility is no longer needed.
Mischa POSLAWSKY [Fri, 23 Jan 2015 13:54:33 +0000 (14:54 +0100)]
edit: preview page css in block options
Mischa POSLAWSKY [Tue, 20 Jan 2015 18:55:07 +0000 (19:55 +0100)]
page: rename head/foot include files
Replace initial common.html and footer.html by a more logical
head.inc.html and foot.inc.html pair.
Mischa POSLAWSKY [Mon, 19 Jan 2015 19:45:19 +0000 (20:45 +0100)]
edit: delete page if emptied
Mischa POSLAWSKY [Mon, 19 Jan 2015 08:32:57 +0000 (09:32 +0100)]
edit: include anchor button to refer news items
Mischa POSLAWSKY [Mon, 19 Jan 2015 08:29:02 +0000 (09:29 +0100)]
ignore untracked ckeditor checkout
Mischa POSLAWSKY [Mon, 19 Jan 2015 08:26:02 +0000 (09:26 +0100)]
edit: generic save icon
Exact link doesn't work with compiled/combined icon sets.
Mischa POSLAWSKY [Sun, 18 Jan 2015 18:52:34 +0000 (19:52 +0100)]
page: prepare php footer include
Superset of footer-noedit.html with partial editing features from
footer.html (missing permission checks) for eventual conversion from SSI.
Mischa POSLAWSKY [Sun, 18 Jan 2015 17:29:06 +0000 (18:29 +0100)]
page: static footer include alternative
Variant of footer.html for php/uneditable files (Excelsior bestel page).
Mischa POSLAWSKY [Fri, 31 Oct 2014 23:37:21 +0000 (00:37 +0100)]
edit: cgi script (shebang and executable)
Mischa POSLAWSKY [Thu, 28 Aug 2014 18:19:14 +0000 (20:19 +0200)]
edit: report successful saves
Mischa POSLAWSKY [Thu, 28 Aug 2014 18:18:09 +0000 (20:18 +0200)]
edit: encode page url in path
Included in access logs.
Mischa POSLAWSKY [Sun, 20 Jul 2014 15:12:08 +0000 (17:12 +0200)]
edit: force paste as plain text
Rich paste contains too much unwanted styling.
Mischa POSLAWSKY [Sun, 20 Jul 2014 14:48:05 +0000 (16:48 +0200)]
edit: page class to indicate edit mode
On Excelsior to show folded (track) contents while editing.
Mischa POSLAWSKY [Wed, 16 Jul 2014 12:39:25 +0000 (14:39 +0200)]
edit: page name fallback for subdirectory index
Mischa POSLAWSKY [Tue, 15 Jul 2014 20:47:51 +0000 (22:47 +0200)]
edit: rooted links to support subdirectories
Mischa POSLAWSKY [Tue, 15 Jul 2014 09:30:31 +0000 (11:30 +0200)]
edit: refer to upcoming image upload handler
Mischa POSLAWSKY [Fri, 11 Jul 2014 16:07:59 +0000 (18:07 +0200)]
edit: disable image resizing (plus workaround)
Unwanted feature which will cause ugly results if accidentally used.
Mischa POSLAWSKY [Fri, 11 Jul 2014 16:07:59 +0000 (18:07 +0200)]
edit: customise default table attributes
Prevent unwanted values for styling attributes.
Mischa POSLAWSKY [Tue, 8 Jul 2014 22:12:26 +0000 (00:12 +0200)]
edit: compatibility html formatting
Match format of existing documents.
Mischa POSLAWSKY [Tue, 8 Jul 2014 22:10:51 +0000 (00:10 +0200)]
404: ErrorDocument with special case to create as admin
Mischa POSLAWSKY [Tue, 8 Jul 2014 17:42:16 +0000 (19:42 +0200)]
edit: link to toggle editing mode
Mischa POSLAWSKY [Tue, 8 Jul 2014 16:52:24 +0000 (18:52 +0200)]
edit: restrict to whitelisted ip addresses
Basic security from Apache configuration:
<Files "edit.php">
Deny from all
Allow from 127.0.0.1/32
</Files>
Mischa POSLAWSKY [Tue, 8 Jul 2014 13:28:23 +0000 (15:28 +0200)]
edit: page editor and php save handler
Inline CKEditor to alter static contents in <div class="article">.
Assumes wanted v4.1.2 ckeditor.js in ckeditor/.
Mischa POSLAWSKY [Fri, 7 Jun 2013 01:35:37 +0000 (03:35 +0200)]
page: common footer include
Generic end of HTML as used on all (SSI) pages:
<!--#include virtual="common.html" -->
contents
<!--#include virtual="footer.html" -->
The top part is site-specific but basically contains the opposite.