Added regexp to strip away any special chars from filename

Deleted obsolete file updatefile.php and rewrote editfile.php completly
Reworked 'nodir'-function a bit and included it in the Page-class instead. Started working on a way to edit content files
2014-07-05 10:40:49 +02:00 · 2014-07-04 20:10:54 +02:00 · 2014-07-04 18:27:49 +02:00
7 changed files with 58 additions and 3 deletions
--- a/includes/content.php
+++ b/includes/content.php
@ -2,6 +2,7 @@
 class Page
 {
    public $name, $filename;
+    public static $parentDir = "../";
    public static $contentFolder = "content/";
    
    public function __construct($name, $filename)
@ -26,11 +27,24 @@ class Page
        return $this->filename;
    }

+    public function nodir($item)
+    {
+        return (!is_dir(Page::$parentDir . Page::$contentFolder . $item));
+    }
+    
+    public static function fileList()
+    {
+        $dirContent = scandir(Page::$parentDir . Page::$contentFolder);
+        $files = (array_filter($dirContent, "Page::nodir"));
+        return $files;
+    }
+    
    // For future-uses...
    public function getName()
    {
        return $this->name;
    }
+    
 }
    
 ?>
--- a/includes/htmlcode.php
+++ b/includes/htmlcode.php
@ -3,7 +3,7 @@
 function start_html($title)
 {
 print "
-<html>
+<!DOCTYPE html>
 <head>
 <title>$title</title>
 </head>
--- a/includes/miscfunc.php
+++ b/includes/miscfunc.php
@ -3,6 +3,7 @@ function terminate($message="")
 {
    print "$message\n";
    footer();
-    exit(1);
+    exit(0);
 }
+
 ?>
--- a/index.php
+++ b/index.php
@ -78,7 +78,6 @@ $contactPage = new Page("Contact", "contact.html");
                }
                
                $dirContent = scandir(Page::$contentFolder);
-
                $files = (array_filter($dirContent, "nodir"));

                // Iterate through all the files for a match (from ?content=)
--- a/user/editfile.php
+++ b/user/editfile.php
@ -0,0 +1,28 @@
+<?php
+require ("../includes/content.php");
+require ("../includes/miscfunc.php");
+require ("../includes/htmlcode.php");
+
+/*regexp to strip away '..', '/' and so forth. Filename must now be in the
+  format of myfile.ext, where myfile can be 1 to 20 chars long (including '-'
+  and '_') and ext can be
+  from 1 to 4 chars.*/
+$filename = $_GET['file'];
+preg_match_all("/[a-z_\-0-9]{1,30}\.[a-z]{1,4}/i", $filename, $checkedFilename);
+$file = Page::$parentDir . Page::$contentFolder . $checkedFilename[0][0];
+
+if(isset($_POST['content']))
+{
+        $postedContent = $_POST['content']; 
+        file_put_contents($file, $postedContent);
+}
+start_html("Edit file");
+print "<form action=\"\" method=\"post\">\n";
+$content = file_get_contents($file);
+print "<textarea name='content' cols='80' rows='30'>\n" . ($content) . "\n</textarea>";
+print "<br/>\n
+<input type=\"submit\" value=\"Save file\"/>
+</form>";
+end_html();
+
+?>
--- a/user/editfiles.php
+++ b/user/editfiles.php
@ -0,0 +1,10 @@
+<?php
+require ("../includes/content.php");
+require ("../includes/miscfunc.php");
+
+$files = Page::fileList();
+foreach($files as $file)
+{
+    print "<a href=\"editfile.php?file=$file\">$file</a><br/>\n";
+}
+?>
--- a/user/index.php
+++ b/user/index.php
@ -12,6 +12,9 @@ include "../includes/login.inc";
 <a href="edit.php">Edit existing post</a>
 </p>
 <p>
+<a href="editfiles.php">Edit content files</a>
+</p>
+<p>
 <a href="logout.php">Logout</a>
 </p>
Author	SHA1	Message	Date
Jack-Benny Persson	025f537074	Added regexp to strip away any special chars from filename	2014-07-05 10:40:49 +02:00
Jack-Benny Persson	56da0c396a	Deleted obsolete file updatefile.php and rewrote editfile.php completly	2014-07-04 20:10:54 +02:00
Jack-Benny Persson	b9cbc947b5	Reworked 'nodir'-function a bit and included it in the Page-class instead. Started working on a way to edit content files	2014-07-04 18:27:49 +02:00