git.shiar.nl
/
minimedit.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
page: rework script control
[minimedit.git]
/
edit.php
diff --git
a/edit.php
b/edit.php
index 12859595de865444baf29dd94a8f1eaa1b61ca57..18563365e7d989357bcc9a514ff24cca259d1571 100755
(executable)
--- a/
edit.php
+++ b/
edit.php
@@
-5,12
+5,15
@@
function abort($status, $body) {
exit;
}
exit;
}
+if (!@$User['admin'])
+ abort('401 unauthorised', "geen beheersrechten");
+
if (!$_POST)
abort('405 post error', "niets te doen");
if (!isset($_SERVER['PATH_INFO']) or strlen($_SERVER['PATH_INFO']) <= 1)
abort('409 input error', "geen bestand aangeleverd");
if (!$_POST)
abort('405 post error', "niets te doen");
if (!isset($_SERVER['PATH_INFO']) or strlen($_SERVER['PATH_INFO']) <= 1)
abort('409 input error', "geen bestand aangeleverd");
-$filename =
preg_replace('/(?:\.php)?$/', '.php', ltrim($_SERVER['PATH_INFO'], '/'), 1)
;
+$filename =
ltrim($Args, '/').'.html'
;
if (file_exists($filename) and !is_writable($filename))
abort('403 input error', "ongeldige bestandsnaam: $filename");
if (is_executable($filename))
if (file_exists($filename) and !is_writable($filename))
abort('403 input error', "ongeldige bestandsnaam: $filename");
if (is_executable($filename))
@@
-29,11
+32,7
@@
if (!strlen($upload)) {
exit;
}
exit;
}
-$rootpath = str_repeat('../', substr_count($filename, '/'));
-$prepend = "<?php include '${rootpath}head.inc.php'; ?>\n\n";
-$append = "\n";
-
-if (!file_put_contents($filename, $prepend . $upload . $append))
+if (!file_put_contents($filename, $upload))
abort('500 save error', "fout bij schrijven van $filename");
print "Bestand opgeslagen";
abort('500 save error', "fout bij schrijven van $filename");
print "Bestand opgeslagen";