M classes/Validate.php +2 -17
@@ 21,24 21,9 @@ class Validate
return filter_var($str, FILTER_VALIDATE_EMAIL);
}
- public static function isAvailableFilename($id, $filename) {
- clearstatcache();
- return !file_exists(file_path($id, $filename));
- }
-
- public static function isFilename($str)
+ public static function isPage($str)
{
- // check extension
- if (!in_array(strtolower(pathinfo($str, PATHINFO_EXTENSION)), ['jpeg', 'jpg', 'png', 'gif'])) {
- return false;
- }
-
- // check basename
- if (!preg_match('/^[A-z0-9_()-]+$/', pathinfo($str, PATHINFO_FILENAME))) {
- return false;
- }
-
- return true;
+ return preg_match('/^[a-z0-9_-]+$/', $str);
}
public static function isAcceptableHTML($str) {
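Review bot: The `$` anchor in the new `isPage` pattern also matches just before a trailing newline, so `"abc\n"` is accepted as a slug; page_create.php trims its input first, but a caller that does not would let the newline through. Anchoring with `\z` and returning a real boolean closes that: `return preg_match('/^[a-z0-9_-]+\z/', $str) === 1;`. The same character class is repeated in `LINK_REGEXP` in includes/app.php, so a shared constant would keep the validator and the link parser from drifting apart. The `Validate` class starts and ends outside the hunk.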
M home_update.php +1 -1
@@ 16,7 16,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST
<?php include 'includes/site_header.php'; ?>
<main>
- <h1>Editing <a href="home.php?id=<?= $GLOBALS['user']['id'] ?>">home</a></h1>
+ <h1>Editing <a href="<?=get_url($site_user['name'])?>">home</a></h1>
<?php form_errors($errors) ?>
<form action="<?= $_SERVER['REQUEST_URI'] ?>" method="post" enctype="multipart/form-data">
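Review bot: The new link reads `$site_user['name']`, while the line it replaces read `$GLOBALS['user']`, and nothing in this hunk shows `$site_user` being set in home_update.php; if it is not, the href renders as `site.php?u=` with an undefined-variable notice. On an edit page the link presumably should point at the logged-in user's own site, so confirm which variable this script actually has in scope. The value is also echoed into an attribute unescaped; `<?= htmlspecialchars(get_url($site_user['name']), ENT_QUOTES, 'UTF-8') ?>` would be the safer form.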
M includes/app.php +10 -1
@@ 140,6 140,15 @@ function get_link2($username, $slug = nu
}
}
+function get_url($username, $page = null)
+{
+ if (isset($page)) {
+ return "site.php?u=$username&p=$page";
+ } else {
+ return "site.php?u=$username";
+ }
+}
+
function home_link($user_id, $name)
{
return "<a href=\"home.php?u=$name\">$name</a>";
@@ 214,7 223,7 @@ function gmi($text)
return $res;
}
-define('LINK_REGEXP', '/\[\[([\w\d-]+)\]\]/');
+define('LINK_REGEXP', '/\[\[([a-z0-9_-]+)\]\]/');
function content_to_html($content, $user_id)
{
return preg_replace_callback(LINK_REGEXP, function ($match) use ($user_id) {
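Review bot: `get_url` in the first hunk interpolates `$username` and `$page` into the query string as-is, so a value containing `&`, `#`, `%` or a space yields a different URL than intended, and the callers in home_update.php and the header template echo the result into `href` without escaping. Encoding inside the helper keeps every call site correct: `$url = 'site.php?u=' . rawurlencode($username);`, then `if (isset($page)) { $url .= '&p=' . rawurlencode($page); }` and `return $url;`. Whether usernames are already restricted to a safe alphabet at registration is not visible here. Separately, the tightened `LINK_REGEXP` in the second hunk no longer matches the uppercase slugs that `\w` accepted, so existing `[[Links]]` in stored content may stop rendering as links; worth checking for such pages before deploying.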
M includes/home.php +1 -2
@@ 7,12 7,11 @@
<h1><?= $site_user['name'] ?>'s site</h1>
<p>Welcome to your site! Use the edit button to edit this page.</p>
<?php endif; ?>
-</main>
-
<?php if ($is_admin): ?>
<nav class="page-admin">
<a href="home_update.php">Edit</a>
</nav>
<?php endif; ?>
+</main>
<?php include 'site_footer.php'; ?>
No newline at end of file
M includes/page.php +12 -14
@@ 6,35 6,33 @@
<?php else: ?>
<h1>Not found</h1>
<?php if ($is_admin): ?>
- <p>Create page for <?=$p?>?</p>
+ <p>Create page for <?= $p ?>?</p>
<form action="page_create.php" method="post" enctype="multipart/form-data">
<?php include 'includes/csrf.php' ?>
- <input id="title" type="hidden" name="name" autocomplete="off" value="<?=$p?>"
+ <input id="title" type="hidden" name="name" autocomplete="off" value="<?= $p ?>"
class="form-control"/>
<input type="submit" value="Create"/>
</form>
<?php endif; ?>
<?php endif; ?>
-</main>
-<?php if (count($related)): ?>
- <section class="related">
- <nav>
+ <?php if (count($related)): ?>
+ <nav class="related">
<span>Related:</span>
<?php foreach ($related as $r): ?>
<?= get_link2($site_user['name'], $r['slug']) ?>
<?php endforeach; ?>
</nav>
- </section>
-<?php endif; ?>
+ <?php endif; ?>
-<?php if ($page && $is_admin): ?>
- <nav class="page-admin">
- <?= edit_link($p) ?>
- <?= delete_link($p) ?>
- </nav>
-<?php endif; ?>
+ <?php if ($page && $is_admin): ?>
+ <nav class="page-admin">
+ <?= edit_link($p) ?>
+ <?= delete_link($p) ?>
+ </nav>
+ <?php endif; ?>
+</main>
<?php include 'site_footer.php'; ?>
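Review bot: `$p` is echoed raw on both re-spaced lines, once as element text in `Create page for <?= $p ?>?` and once inside the `value="…"` attribute of the hidden input. Where `$p` is assigned is outside this section, but site.php uses it as the requested page name, so if it originates from the query string the not-found branch reflects request data into the admin's page. Escaping at output, `<?= htmlspecialchars($p, ENT_QUOTES, 'UTF-8') ?>` in both places, removes the dependency on upstream validation.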
M +1 -1
@@ 14,7 14,7 @@
<header>
<nav>
<?=get_link2($site_user['name'])?>
<a href="<?=get_url($site_user['name'])?>">Home</a>
<a href="pages_index.php?id=<?=$site_user['id']?>">Pages</a>
<a href="changelog.php?id=<?=$site_user['id']?>">Changelog</a>
</nav>
M page_create.php +1 -0
@@ 15,6 15,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST'
$name = trim($form['name']);
// todo: more validation
+ Validate::isPage($name) or $errors[] = "Slug can only contain a-z0-9_-";
if (!count($errors)) {
$id = $GLOBALS['app']->getPage()->create($GLOBALS['user']['id'], $name, '');
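Review bot: The added check uses the `or` short-circuit as control flow, which hides the validation branch inside an expression statement; `if (!Validate::isPage($name)) { $errors[] = "Slug can only contain a-z0-9_-"; }` states the same thing plainly. The `// todo: more validation` above it still stands: `isPage` puts no upper bound on length, and nothing visible here checks whether the slug already exists before `create()` is called. The surrounding `if ($_SERVER['REQUEST_METHOD'] == 'POST'` block starts and ends outside the hunk.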
M site.php +3 -1
@@ 9,7 9,9 @@ require 'includes/app.php';
if ($p) {
$page = $app->getPage()->get($site_user['id'], $p);
$related = $app->getPage()->related($site_user['id'], $p);
- $content = content_to_html2($page['content'], $site_user);
+ if ($page) {
+ $content = content_to_html2($page['content'], $site_user);
+ }
include 'includes/page.php';
} else {
$content = content_to_html2($site_user['home'], $site_user);
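Review bot: `$p` still goes to `get()`, `related()` and on into includes/page.php without the slug rule this commit introduces for creation, so the new alphabet is enforced only in page_create.php. Rejecting it at the top of this branch, for example answering with `http_response_code(404);` when `!Validate::isPage($p)` and skipping the lookups, would keep malformed names out of the queries and the not-found template; the assignment of `$p` is outside the hunk, so confirm where it comes from. With the new guard `$content` is also left unset when the page is missing; initialising `$content = null;` before `if ($page)` avoids an undefined-variable notice should the template ever read it.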
M style.css +5 -11
@@ 1,11 1,12 @@
body {
font-family: sans-serif;
margin: 40px auto;
- padding: 0px 10px;
+ padding: 1em;
max-width: 650px;
line-height: 1.6;
font-size: 18px;
background-color: floralwhite;
+ border: 1px solid;
}
textarea {
@@ 31,27 32,20 @@ nav > * {
footer {
border-top: 1px solid;
+ margin-top: 1em;
padding-top: 1em;
}
-header {
- background-color: plum;
- padding: 10px;
-}
-
.page-admin {
padding: 10px;
background-color: powderblue;
- margin-top: 2em;
-}
-
-main {
- margin-bottom: 2em;
+ margin-top: 1em;
}
.related {
border: 1px dashed midnightblue;
padding: 1em;
+ margin-top: 1em;
}
.link::before {