From 19cde41f182998a36cdac76d530881aaea24c719 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Tue, 12 Sep 2017 02:08:06 +0200
Subject: [PATCH] page: route requests through global php handler

Move contents of all *.php pages to source *.html, to be included by
page.php depending on requested path.  Dynamic contents can optionally be
added by corresponding *.php includes.
---
 .htaccess    |  6 ++++++
 edit.js      |  6 +++---
 edit.php     |  8 ++------
 foot.inc.php | 11 +++--------
 head.inc.php |  4 ++++
 page.php     | 32 ++++++++++++++++++++++++++++++++
 6 files changed, 50 insertions(+), 17 deletions(-)
 create mode 100644 .htaccess
 create mode 100644 page.php

diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..ef206d7
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,6 @@
+RewriteEngine  on
+RewriteBase    /
+
+# common php handler
+RewriteCond    %{REQUEST_FILENAME} !-f
+RewriteRule '' page.php%{REQUEST_FILENAME} [L]
diff --git a/edit.js b/edit.js
index dee1038..6f9211e 100644
--- a/edit.js
+++ b/edit.js
@@ -2,10 +2,10 @@ CKEDITOR.plugins.add('inlinesave', {
 	init: function(editor) {
 		editor.addCommand( 'inlinesave', {
 			exec: function (editor) {
-				var pagename = window.location.pathname.replace(/\.php$/, '').replace(/\/$/, '/index');
+				var pagename = window.location.pathname.replace(/\/$/, '/index');
 				var data = 'body='+encodeURIComponent(editor.getData());
 				ajaxpost = new XMLHttpRequest();
-				ajaxpost.open('POST', '/edit.php'+pagename, true);
+				ajaxpost.open('POST', '/edit'+pagename, true);
 				ajaxpost.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
 				ajaxpost.onreadystatechange = function () {
 					if (ajaxpost.readyState != 4)
@@ -46,7 +46,7 @@ CKEDITOR.on('instanceCreated', function (event) {
 		config.format_tags = 'h2;h3;h4;p';
 		config.allowedContent = true;
 		config.entities = false; // keep unicode
-		config.filebrowserImageUploadUrl = '/edit.php?type=img';
+		config.filebrowserImageUploadUrl = '/edit?type=img';
 		config.forcePasteAsPlainText = true;
 		config.contentsCss = '/excelsior.css';
 		config.toolbar = [
diff --git a/edit.php b/edit.php
index 3774bfc..fe80528 100755
--- a/edit.php
+++ b/edit.php
@@ -14,7 +14,7 @@ if (!$_POST)
 if (!isset($_SERVER['PATH_INFO']) or strlen($_SERVER['PATH_INFO']) <= 1)
 	abort('409 input error', "geen bestand aangeleverd");
 
-$filename = preg_replace('/(?:\.php)?$/', '.php', ltrim($_SERVER['PATH_INFO'], '/'), 1);
+$filename = ltrim($Args, '/').'.html';
 if (file_exists($filename) and !is_writable($filename))
 	abort('403 input error', "ongeldige bestandsnaam: $filename");
 if (is_executable($filename))
@@ -33,11 +33,7 @@ if (!strlen($upload)) {
 	exit;
 }
 
-$rootpath = str_repeat('../', substr_count($filename, '/'));
-$prepend = "<?php include '${rootpath}head.inc.php'; ?>\n\n";
-$append  = "\n";
-
-if (!file_put_contents($filename, $prepend . $upload . $append))
+if (!file_put_contents($filename, $upload))
 	abort('500 save error', "fout bij schrijven van $filename");
 
 print "Bestand opgeslagen";
diff --git a/foot.inc.php b/foot.inc.php
index 96b05ea..e3e36b6 100755
--- a/foot.inc.php
+++ b/foot.inc.php
@@ -2,21 +2,16 @@
 <?php
 define('N', "\n");
 
-global $User, $Admin;
-
-$curfile = ltrim($_SERVER['SCRIPT_NAME'], '/');
-if (is_executable(__DIR__ . '/' . $curfile)) {
-	// dynamic code is +x
-	$Admin = FALSE;
-}
+global $Page, $User, $Admin;
 
 if ($Admin) {
 	$edit = preg_match('/[?]edit$/', $_SERVER['REQUEST_URI']);
+	$notfound = $Page == '404';
 
 	if ($edit) {
 		echo '<script src="/ckeditor/ckeditor.js"></script>'.N;
 		echo '<script src="/edit.js"></script>'.N;
-		if (($notfound = $_SERVER['SCRIPT_NAME'] == '/404.php')) {
+		if ($notfound) {
 			echo <<<'EOT'
 <script>
 var pagebody = document.getElementsByClassName('article')[0];
diff --git a/head.inc.php b/head.inc.php
index f8435ff..2e57f81 100644
--- a/head.inc.php
+++ b/head.inc.php
@@ -12,3 +12,7 @@ register_shutdown_function(function () {
 	include 'foot.inc.php';
 	print "</body></html>\n";
 });
+
+include "$Page.html";
+if (file_exists("$Page.php")) include_once("$Page.php");
+
diff --git a/page.php b/page.php
new file mode 100644
index 0000000..5d79cf6
--- /dev/null
+++ b/page.php
@@ -0,0 +1,32 @@
+<?php
+error_reporting(E_ALL);
+ini_set('display_errors', TRUE);
+
+$Args = '';
+$Page = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']);
+$Page = urldecode(trim($Page, '/')) ?: 'index';
+while (TRUE) {
+	if (file_exists("$Page/index.html")) {
+		$Page .= '/index';
+		break;
+	}
+	if (file_exists("$Page.html")) {
+		break;
+	}
+	if (file_exists("$Page.php")) {
+		# unformatted script override
+		require "$Page.php";
+		break;
+	}
+
+	$up = strrpos($Page, '/');
+	if ($up === FALSE) {
+		http_response_code(404);
+		$Page = '404';
+		break;
+	}
+	$Args = substr($Page, $up) . $Args;
+	$Page = substr($Page, 0, $up);
+}
+
+include 'head.inc.php';
-- 
2.30.0