diff options
| -rw-r--r-- | code/admin/add.php | 65 | ||||
| -rw-r--r-- | code/admin/utils.php | 10 |
2 files changed, 51 insertions, 24 deletions
diff --git a/code/admin/add.php b/code/admin/add.php index 02622fc..3bbb547 100644 --- a/code/admin/add.php +++ b/code/admin/add.php @@ -2,10 +2,14 @@ require_once('utils.php'); need_auth(); + function is_valid_path($kind,$path) { + $fullpath=(($kind=='media')?'media/':'content/').$path.'/'.$name; + return is_dir($fullpath); + } + function add_fold($kind,$path,$name) { $fullpath=(($kind=='media')?'media/':'content/').$path.'/'.$name; -echo $fullpath . "\n"; - return mkdir($fullpath); + return mkdir($fullpath)===1?0:E_SYSTEM_ERROR; } function add_media($path,$name) { @@ -15,7 +19,7 @@ echo $fullpath . "\n"; function add_page($path,$name) { if ( $res=add_fold('page',$path,$name) ) { $props = array( - 'page_template' => 'default', + 'page_template' => 'default', //TODO : not static 'page_layout' => 'article', 'page_title' => '(missing)', 'page_description' => '(missing)', @@ -26,6 +30,29 @@ echo $fullpath . "\n"; } return $res; } + + // TODO : choose between unix convention (0 is fine, else is error) and PHP one (FALSE is error, else is okay) + function do_action($kind,$action,$path,$name) { + if ($action==='none') return 0; + if ($name==='') return E_INVALID_NAME; + if ( ! is_valid_path($kind,$path) ) return E_INVALID_PATH; + if ( is_valid_path($kind,$path . '/' . $name) ) return E_INVALID_NAME; + + switch ($action) { + case 'add_fold': + return add_fold($kind,$path,$name); + break; + case 'add_item': + if ( $kind=='media' ) { + return add_media($path,$name); + } else { + return add_page($path,$name); + } + break; + default: + return E_INVALID_ACTION; + } + } // Config loading $site_conf = load_ini_site_conf("content/site_conf.ini"); @@ -34,28 +61,22 @@ echo $fullpath . "\n"; // Localization Init l10n_init($site_conf['site_admin_lang']); + $default_path = _('(choose a folder in the tree)'); // URL parameter parsing $kind = sanitize($_GET, 'kind', RE_IDENTIFIER_CLEANER, 'page'); /* Could be : page, media */ - $action=sanitize($_GET, 'action', RE_IDENTIFIER_CLEANER, 'preview'); /* Could be : none, add_fold, add_item */ - $path = sanitize($_GET, 'path', RE_RELPATH_CLEANER, ''); + $action=sanitize($_GET, 'action', RE_IDENTIFIER_CLEANER, 'none'); /* Could be : none, add_fold, add_item */ + $path = sanitize($_GET, 'path', RE_RELPATH_CLEANER, $default_path); $name = sanitize($_GET, 'name', RE_IDENTIFIER_CLEANER, ''); // Pre-computed because used twice $page_title = _('Admin') . ' - ' . ( ($kind=='media')?_('Add or remove a media'):_('Add or remove a page') ); - $res=null; - switch ($action) { - case 'add_fold': - $res=add_fold($kind,$path,$name); - break; - case 'add_item': - if ( $kind=='media' ) { - $res=add_media($path,$name); - } else { - $res=add_page($path,$name); - } - break; - } + $res=do_action($kind,$action,$path,$name); + if ($res===E_INVALID_PATH) $path = $default_path; + + //echo "<pre>\$res==$res</pre>\n"; + //TODO : user feedback for success/failure + ?> <!DOCTYPE html> <html> @@ -88,18 +109,18 @@ echo $fullpath . "\n"; <fieldset> <legend><?=_('Selected folder')?></legend> <label for="fold_path"><?=_('Folder path')?></label> -<input id="fold_path" name="fold_path" readonly="readonly" value="<?=_('(choose a folder in the tree)')?>"><br> +<input id="fold_path" name="fold_path" readonly="readonly" value="<?=$path?>"><br> <label for="fold_add_name"><?=_('New item name')?></label> <input id="fold_add_name" type="text" value=""><br> -<label for="fold_add_fold"><?=_('Actions')?></label> +<label for="fold_add_item"><?=_('Actions')?></label> +<input id="fold_add_item" type="button" value="<?=($kind=='media')?_('Add media'):_('Add page')?>" onclick="go_add('<?=$kind?>','item');"> <input id="fold_add_fold" type="button" value="<?=_('Add folder')?>" onclick="go_add('<?=$kind?>','fold');"> -<input id="fold_add_item" type="button" value="<?=_('Add page')?>" onclick="go_add('<?=$kind?>','item');"> </fieldset> </span><!-- No blanks here, important for CSS --><span class="inline_half"> <input id="fold_back_admin" type="button" value="<?=_('Back to admin')?>" onclick="go_admin_page();"> - +</span> </form> </body> </html> diff --git a/code/admin/utils.php b/code/admin/utils.php index 4db2d2d..30d3788 100644 --- a/code/admin/utils.php +++ b/code/admin/utils.php @@ -4,6 +4,11 @@ define('RE_LANG_IDENT_CLEANER', '/[^a-zA-Z\/\_-]+/'); define('RE_RELPATH_CLEANER', '/[^a-zA-Z0-9_\/-]+/'); // Never put \. in this regex + define('E_INVALID_ACTION', -1); + define('E_INVALID_PATH', -2); + define('E_INVALID_NAME', -3); + define('E_SYSTEM_ERROR', -4); + function sanitize($arg_array, $arg_key, $replace_chars_re, $default_value) { //FIXME : should check string type and strlen ! if ( ! array_key_exists($arg_key, $arg_array) ) return $default_value; @@ -140,14 +145,15 @@ echo "</ul>\n"; } + // TODO : choose between unix convention (0 is fine, else is error) and PHP one (FALSE is error, else is okay) function safe_put_file($path, $content) { //FIXME : if exists, then mktemp, put in it then rm and mv. Right preservation problems ? - $res=FALSE; + $res=-1; if ($handle = fopen($path, 'w')) { $res = fwrite($handle, $content); fclose($handle); } - return $res; + return ($res===strlen($content))?0:E_SYSTEM_ERROR; } function _write_ini_file_r(&$content, $assoc_arr, $has_sections) |