git.shiar.nl / minimedit.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3c72253)
edit: encode page url in path
authorMischa POSLAWSKY <perl@shiar.org>
Thu, 28 Aug 2014 18:18:09 +0000 (20:18 +0200)
committerMischa POSLAWSKY <perl@shiar.org>
Thu, 28 Aug 2014 18:18:09 +0000 (20:18 +0200)
Included in access logs.

edit.js patch | blob | history
edit.php patch | blob | history

diff --git a/edit.js b/edit.js
index 573f3cd0f97a1570b19d67216bcd1e622852008b..2e961768ddfbccf5fcdbbde21df8718248a9c3c8 100644 (file)
--- a/edit.js
+++ b/edit.js
@@ -2,10 +2,10 @@ CKEDITOR.plugins.add('inlinesave', {
        init: function(editor) {
                editor.addCommand( 'inlinesave', {
                        exec: function (editor) {
-                               var pagename = window.location.pathname.replace(/^\/(?:\.html)?/, '') || 'index';
-                               var data = 'page='+encodeURIComponent(pagename)+'&body='+encodeURIComponent(editor.getData());
+                               var pagename = window.location.pathname.replace(/\.html$/, '').replace(/\/$/, '/index');
+                               var data = 'body='+encodeURIComponent(editor.getData());
                                ajaxpost = new XMLHttpRequest();
-                               ajaxpost.open('POST', '/edit.php', true);
+                               ajaxpost.open('POST', '/edit.php'+pagename, true);
                                ajaxpost.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
                                ajaxpost.onreadystatechange = function () {
                                        if (ajaxpost.readyState != 4)
diff --git a/edit.php b/edit.php
index 657c2790e570a841011790204097be7170ab2e4d..719c2f029976b523d953de8337331b24ac2cd8f8 100644 (file)
--- a/edit.php
+++ b/edit.php
@@ -7,10 +7,10 @@ function abort($status, $body) {
 
 if (!$_POST)
        abort('405 post error', "niets te doen");
-if (!isset($_POST['page']))
+if (!isset($_SERVER['PATH_INFO']) or strlen($_SERVER['PATH_INFO']) <= 1)
        abort('409 input error', "geen bestand aangeleverd");
 
-$filename = preg_replace('/(?:\.html)?$/', '.html', ltrim($_POST['page'], '/'), 1);
+$filename = preg_replace('/(?:\.html)?$/', '.html', ltrim($_SERVER['PATH_INFO'], '/'), 1);
 if (file_exists($filename) and !is_writable($filename))
        abort('403 input error', "ongeldige bestandsnaam: $filename");
 
MinimEdit - databaseless cms with only a bit of php