-
Notifications
You must be signed in to change notification settings - Fork 10
/
cms_edit.php
104 lines (93 loc) · 3.62 KB
/
cms_edit.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<?php
require './includes/bootstrap.php';
force_id();
if( ! $perm->get('cms')) {
error::fatal(m('Error: Access denied'));
}
$page_data = array();
if($_POST['form_sent'] && check_token()) {
$page_data['url'] = ltrim($_POST['url'], '/');
$page_data['title'] = $_POST['title'];
$page_data['content'] = $_POST['content'];
$page_data['markup'] = ($_POST['syntax'] == 'markup' ? 1 : 0);
}
if($_GET['edit']) {
if( ! ctype_digit($_GET['edit'])) {
error::fatal('Invalid page ID.');
}
$res = $db->q('SELECT url, page_title AS title, content, markup FROM pages WHERE id = ?', $_GET['edit']);
if( ! $res) {
$template->title = 'Non-existent page';
error::fatal('There is no page with that ID.');
}
$original_data = $res->fetch(PDO::FETCH_ASSOC);;
if( ! $_POST['form_sent']) {
$page_data = $original_data;
}
$editing = true;
$template->title = 'Editing page: <a href="' . DIR . $page_data['url'] . '">' . htmlspecialchars($page_data['title']) . '</a>';
$page_data['id'] = $_GET['edit'];
} else { // New page.
$template->title = 'New page';
if ( ! empty($page_data['title'])) {
$template->title .= ': ' . htmlspecialchars($page_data['title']);
}
}
if($_POST['post']) {
check_token();
if(empty($page_data['url'])) {
error::add('A path is required.');
}
if(error::valid()) {
$page_data['content'] = str_replace('/textarea', '/textarea', $page_data['content']);
if ($editing) {
$db->q('INSERT INTO revisions (type, foreign_key, text) VALUES (?, ?, ?)', 'page', $page_data['id'], $original_data['content']);
$revision_id = $db->lastInsertId();
$db->q('UPDATE pages SET url = ?, page_title = ?, content = ?, markup = ? WHERE id = ?', $page_data['url'], $page_data['title'], $page_data['content'], $page_data['markup'], $page_data['id']);
$notice = 'Page successfully edited.';
log_mod('cms_edit', $page_data['url'], $revision_id);
} else { // New page.
$add_page = $db->q('INSERT INTO pages (url, page_title, content, markup) VALUES (?, ?, ?, ?)', $page_data['url'], $page_data['title'], $page_data['content'], $page_data['markup']);
$notice = 'Page successfully created.';
log_mod('cms_new', $page_data['url']);
}
redirect($notice, $page_data['url']);
}
error::output();
}
if ($_POST['preview'] && ! empty($page_data['content'])) {
$preview = $page_data['content'];
if($page_data['markup']) {
$preview = parser::parse($preview);
}
echo '<h3 id="preview">Preview</h3><div class="body standalone"> <h2>' . $page_data['title'] . '</h2>' . $preview . '</div>';
}
?>
<form action="" method="post">
<?php csrf_token() ?>
<div class="noscreen">
<input type="hidden" name="form_sent" value="1" />
</div>
<div class="row">
<label for="url">Path</label>
<input id="url" name="url" value="<?php echo htmlspecialchars($page_data['url']) ?>" />
</div>
<div class="row">
<label for="title">Page title</label>
<input id="title" name="title" value="<?php echo htmlspecialchars($page_data['title']) ?>" />
</div>
<div class="row">
<textarea id="content" name="content" cols="120" rows="25"><?php echo str_replace('/textarea', '/textarea', $page_data['content']) ?></textarea>
</div>
<div class="row">
<input type="radio" name="syntax" value="HTML" class="inline"<?php if( ! $page_data['markup']) echo ' checked' ?>> HTML
<input type="radio" name="syntax" value="markup" class="inline"<?php if($page_data['markup']) echo ' checked' ?>> <a href="<?php echo DIR ?>markup_syntax">Markup syntax</a>
</div>
<div class="row">
<input type="submit" name="preview" value="Preview" class="inline" />
<input type="submit" name="post" value="Submit" class="inline">
</div>
</form>
<?php
$template->render();
?>