edit: optional target upload directory

[minimedit.git] / edit / index.php

<?php
ob_clean();

if (empty($User['admin']))
        abort("geen beheersrechten", '401 unauthorised');

if ($_FILES) {
        $response = ['uploaded' => 0];
        try {
                $img = @$_FILES['upload'];
                $response['fileName'] = $img['name'];
                if (!$img or $img['error'] !== UPLOAD_ERR_OK)
                        throw new Exception('bestand niet goed ontvangen: '.$img['error']);

                $datadir = implode('/', ['data', date('Y')]);
                if ($Args) $datadir .= $Args;
                if (!file_exists($datadir) and !@mkdir($datadir, 0777, TRUE)) {
                        throw new Exception("bestand kon niet geplaatst worden in $datadir");
                }

                $target = $datadir.'/'.$img['name'];
                $response['url'] = str_replace('%2F', '/', urlencode($target));
                if (!@move_uploaded_file($img['tmp_name'], $target)) {
                        throw new Exception('bestand kon niet worden opgeslagen');
                }
                $response['uploaded']++;
        }
        catch (Exception $e) {
                $response['error'] = ['message' => $e->getMessage()];
        }

        switch (@$_GET['output']) {
        case 'ckjson':
                print json_encode($response);
                exit;
        case 'ckescript':
                if (empty($response['url'])) break;
                printf('<script>window.parent.CKEDITOR.tools.callFunction(%s)</script>',
                        "{$_GET['CKEditorFuncNum']}, '{$response['url']}'"
                );
                break;
        default:
                if (empty($response['url'])) break;
                print $target;
        }

        if (isset($response['error'])) {
                abort($response['error']['message'], '409 upload error');
        }
        exit;
}

if (!$_POST)
        abort("niets te doen", '405 post error');
if (!$Args)
        abort("geen bestand aangeleverd", '409 input error');

$filename = ltrim($Args, '/').'.html';
if (preg_match('{^\.}', $filename))
        abort("ongeldige bestandsnaam: $filename", '403 input error');
if (file_exists($filename) and !is_writable($filename))
        abort("onwijzigbaar bestand: $filename", '403 input error');

if (!isset($_POST['body']))
        abort("geen inhoud aangeleverd", '409 input error');

$upload = $_POST['body'];

if (!strlen($upload)) {
        if (file_exists($filename) and !unlink($filename))
                abort("fout bij het verwijderen van $filename", '500 delete error');

        abort("Bestand verwijderd");
}

if (!file_exists(dirname($filename)) and !mkdir(dirname($filename), 0777, TRUE))
        abort("fout bij aanmaken van map voor $filename", '500 save error');

if (!file_put_contents($filename, $upload))
        abort("fout bij schrijven van $filename", '500 save error');

if (is_writable('../.git')) {
        $gitmsg = preg_replace('/\.html$/', '', $filename).": edit from {$_SERVER['REMOTE_ADDR']}";
        $gitcmd = 'git';
        $gitcmd .= ' -c user.name='.escapeshellarg($User['name']);
        $gitcmd .= ' -c user.email='.escapeshellarg("{$User['name']}@lijtweg.nl");
        $gitcmd .= ' commit -q';
        $gitcmd .= ' -m '.escapeshellarg($gitmsg);
        $gitcmd .= ' -- '.escapeshellarg($filename);
        exec("$gitcmd 2>&1", $gitlog, $gitstatus);
        if ($gitstatus) {
                trigger_error("git commit failure $gitstatus: ".implode("\n", $gitlog), E_USER_WARNING);
        }
}

abort("Bestand opgeslagen");