Deleted obsolete file updatefile.php and rewrote editfile.php completly

2014-07-04 20:10:54 +02:00 · 2014-07-04 20:10:54 +02:00 · 56da0c396a
commit 56da0c396a
parent b9cbc947b5
2 changed files with 14 additions and 42 deletions
--- a/user/editfile.php
+++ b/user/editfile.php
@ -2,33 +2,22 @@
 require ("../includes/content.php");
 require ("../includes/miscfunc.php");
 require ("../includes/htmlcode.php");
-$filename = $_GET['file'];
-$file = Page::$parentDir . Page::$contentFolder . $filename;

-$filehandle = fopen ("$file", "rw");
-$content = fread($filehandle, filesize($file));
+//Make some form of control below, this is unsafe...
+$file = Page::$parentDir . Page::$contentFolder . $_GET['file'];

+if(isset($_POST['content']))
+{
+        $postedContent = $_POST['content']; 
+        file_put_contents($file, $postedContent);
+}
 start_html("Edit file");
-print "<form action=\"$_SERVER[PHP_SELF]\" method='post'>
-Text: <br />
-<textarea cols='80' rows='30' name='file'>$content</textarea>
-<br />
-<input type='submit' value='Save file'>
-</form>
-";
+print "<form action=\"\" method=\"post\">\n";
+$content = file_get_contents($file);
+print "<textarea name='content' cols='80' rows='30'>\n" . ($content) . "\n</textarea>";
+print "<br/>\n
+<input type=\"submit\" value=\"Save file\"/>
+</form>";
+end_html();

-if (!isset($_POST['post']))
-{
-    end_html();
-    die;
-}
-
-if (fwrite($filehandle, $_POST['post']) === FALSE) 
-{
-    echo "Cannot write to file ($file)";
-    exit;
-}
-
-echo "Success, saved file ($file)";
-fclose($filehandle);
 ?>
--- a/user/updatefile.php
+++ b/user/updatefile.php
@ -1,17 +0,0 @@
-<?php
-if (!isset($_POST['post']))
-{
-    end_html();
-    die;
-}
-
-if (fwrite($filehandle, $_POST['post']) === FALSE) 
-{
-    echo "Cannot write to file ($file)";
-    exit;
-}
-
-echo "Success, saved file ($file)";
-fclose($filehandle);
-
-?>