From 643c4d7625a1b1db94edef4eb633fa67c3b53ae0 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY
Date: Thu, 28 Aug 2014 20:18:09 +0200
Subject: [PATCH] edit: encode page url in path

Included in access logs.
---
 edit.js | 6 +++---
 edit.php | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/edit.js b/edit.js
index 573f3cd..2e96176 100644
--- a/edit.js
+++ b/edit.js
@@ -2,10 +2,10 @@ CKEDITOR.plugins.add('inlinesave', {
 init: function(editor) {
 editor.addCommand( 'inlinesave', {
 exec: function (editor) {
- var pagename = window.location.pathname.replace(/^\/(?:\.html)?/, '') || 'index';
- var data = 'page='+encodeURIComponent(pagename)+'&body='+encodeURIComponent(editor.getData());
+ var pagename = window.location.pathname.replace(/\.html$/, '').replace(/\/$/, '/index');
+ var data = 'body='+encodeURIComponent(editor.getData());
 ajaxpost = new XMLHttpRequest();
- ajaxpost.open('POST', '/edit.php', true);
+ ajaxpost.open('POST', '/edit.php'+pagename, true);
 ajaxpost.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
 ajaxpost.onreadystatechange = function () {
 if (ajaxpost.readyState != 4)
diff --git a/edit.php b/edit.php
index 657c279..719c2f0 100644
--- a/edit.php
+++ b/edit.php
@@ -7,10 +7,10 @@ function abort($status, $body) { if (!$_POST) abort('405 post error', "niets te doen"); -if (!isset($_POST['page'])) +if (!isset($_SERVER['PATH_INFO']) or strlen($_SERVER['PATH_INFO']) <= 1) abort('409 input error', "geen bestand aangeleverd"); -$filename = preg_replace('/(?:\.html)?$/', '.html', ltrim($_POST['page'], '/'), 1); +$filename = preg_replace('/(?:\.html)?$/', '.html', ltrim($_SERVER['PATH_INFO'], '/'), 1); if (file_exists($filename) and !is_writable($filename)) abort('403 input error', "ongeldige bestandsnaam: $filename");
--
2.30.0
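Review bot: `ajaxpost = new XMLHttpRequest();` (unchanged context in the edit.js hunk) assigns without a declaration, so the request object is an implicit global, and the `onreadystatechange` handler below it reads that same global. A second save started before the first completes would replace the object, and the first response would then be checked against the wrong request. Declaring it locally, `var ajaxpost = new XMLHttpRequest();`, keeps each handler bound to its own request. A short comment above the `open` call, such as `// page path travels as PATH_INFO (/edit.php/<page>), so it appears in access logs`, would also record why the page name left the POST body. The `exec` function continues past the end of the hunk.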
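Review bot: `$filename` in the edit.php hunk is still derived from client-controlled input, now `$_SERVER['PATH_INFO']`, with only leading slashes stripped by `ltrim`; nothing in the visible lines rejects `..` segments or confines the result to the content directory before the `file_exists`/`is_writable` check. Whether the web server normalises dot segments before populating PATH_INFO depends on its configuration, so the script should validate the name itself, for example `if (!preg_match('#^[\w-]+(?:/[\w-]+)*(?:\.html)?$#', ltrim($_SERVER['PATH_INFO'], '/'))) abort('409 input error', "ongeldige bestandsnaam");` placed before the `preg_replace` (pattern to be adapted to the site's real page names). The 403 message also interpolates `$filename` into the response body; if `abort` does not escape it (its body is outside the hunk), the value should go through `htmlspecialchars` or be left out. The write itself and any authentication check are outside this hunk.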