X-Git-Url: http://git.shiar.net/minimedit.git/blobdiff_plain/170f16e2dd3a643423ea3681bf4ea42d320e1cf4..f2df190a6c4a0128eb351bc398cffd0edf8d6096:/page.php diff --git a/page.php b/page.php index e23b3e2..93b705f 100644 --- a/page.php +++ b/page.php @@ -122,38 +122,14 @@ $User = NULL; include_once 'auth.inc.php'; $Edit = isset($_GET['edit']); -# distinguish subpage Args from topmost Page script +# setup requested page $Args = ''; $Page = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']); $Page = urldecode(trim($Page, '/')) ?: 'index'; -while (TRUE) { - if (file_exists("$Page/.private")) { - # access restriction - if (empty($User)) { - http_response_code(303); - $target = urlencode($_SERVER['REQUEST_URI']); - header("Location: /login?goto=$target"); - exit; - } - $PageAccess = $Page; - } - - if (file_exists("$Page/index.php")) { - break; - } - - $up = strrpos($Page, '/'); - $Args = substr($Page, $up) . $Args; - $Page = substr($Page, 0, $up); - if ($up === FALSE) { - break; - } -} -$staticpage = NULL; -if (file_exists("$Page$Args.html")) { - $staticpage = "$Page$Args.html"; +$staticpage = "$Page.html"; +if (file_exists($staticpage)) { if (is_link($staticpage)) { $target = preg_replace('/\.html$/', '', readlink($staticpage)); header("HTTP/1.1 302 Shorthand"); @@ -161,17 +137,34 @@ if (file_exists("$Page$Args.html")) { exit; } } -elseif (file_exists("$Page$Args/index.html")) { - $staticpage = "$Page$Args/index.html"; +elseif (file_exists("$Page/index.html")) { + $staticpage = "$Page/index.html"; } -elseif ($User and $User->admin("edit $Page$Args")) { - $staticpage = (file_exists("$Page/template.inc.html") ? "$Page/template.inc.html" : 'template.inc.html'); + +require_once('article.inc.php'); +$Article = new ArchiveArticle($staticpage); + +$Page = $Article->handler; +$Args = $Article->path; + +if ($PageAccess = $Article->restricted) { + # access restriction + if (empty($User)) { + http_response_code(303); + $target = urlencode($Article->link); + header("Location: /login?goto=$target"); + exit; + } } # prepare page contents -require_once('article.inc.php'); -$Article = new ArchiveArticle($staticpage); +header(sprintf('Content-Security-Policy: %s', implode('; ', [ + "default-src 'self' 'unsafe-inline' http://cdn.ckeditor.com", # some overrides remain + "img-src 'self' data: http://cdn.ckeditor.com", # inline svg (in css) + "base-uri 'self'", # only local pages + "frame-ancestors 'none'", # prevent malicious embedding +]))); ob_start(); # page body $Place = [ @@ -189,6 +182,11 @@ if (isset($Article->raw)) { ) . $Article->raw; } } +} +elseif ($User and $User->admin("edit {$Article->link}")) { + $Article->raw(file_exists("$Page/template.inc.html") ? "$Page/template.inc.html" : 'template.inc.html'); +} +if (isset($Article->raw)) { $Article->raw = '
'."\n\n".$Article->raw."
\n\n"; }