-rw-r--r--code/admin/add.php4
-rw-r--r--code/admin/admin.js3
-rw-r--r--code/admin/ajax.php9
-rw-r--r--code/admin/render.php17
-rw-r--r--code/admin/utils.php35
-rwxr-xr-xdist/build_all.sh6
-rw-r--r--locale/en_US.po116
-rw-r--r--locale/fr_FR.po17
8 files changed, 117 insertions, 90 deletions
diff --git a/code/admin/add.php b/code/admin/add.php
index 0869dd5..cb2ff16 100644
--- a/code/admin/add.php
+++ b/code/admin/add.php
@@ -10,7 +10,7 @@
l10n_init($site_conf['site_admin_lang']);
// URL parameter parsing
- $kind = sanitize($_GET, 'kind', '/[^a-z_]+/', 'page'); /* Could be : page, media */
+ $kind = sanitize($_GET, 'kind', RE_IDENTIFIER_CLEANER, 'page'); /* Could be : page, media */
// Pre-computed because used twice
$page_title = _('Admin') . ' - ' . ( ($kind=='media')?_('Add a media'):_('Add a page') );
@@ -43,7 +43,7 @@
</fieldset>
<fieldset>
-<legend><?=($kind=='media')?_('Media folder'):_('Page folder')?></legend>
+<legend><?=_('Selected folder')?></legend>
<label for="fold_path"><?=_('Folder path')?></label>
<input id="fold_path" name="fold_path" readonly="readonly" value="<?=_('(choose a folder in the tree)')?>"><br>
diff --git a/code/admin/admin.js b/code/admin/admin.js
index 669658d..9c2536e 100644
--- a/code/admin/admin.js
+++ b/code/admin/admin.js
@@ -57,10 +57,11 @@ function save_page_props() {
microAjaxJSON(url, function (parsed_json) {
if ( parsed_json.result != "OK" ) {
alert("Error\nResult: " + parsed_json.result + "\nRequest: " + url);
- return;
}
//TODO : says to user that the work is done
});
+
+ load_page_props(path);
}
function save_media_props() {
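Review bot: The added `load_page_props(path);` sits after the `microAjaxJSON(...)` call rather than inside its callback, so it runs as soon as the request is issued and can reload the form with the old values (this assumes microAjaxJSON is asynchronous, as its callback form suggests). Moving the call into the callback, after the `parsed_json.result` check, would reload only once the server has answered. With `return;` removed, the error branch now falls through to the TODO line as well, so a future "work is done" message would also show after a failure. `path` is defined outside the hunk, so its scope cannot be checked here.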
diff --git a/code/admin/ajax.php b/code/admin/ajax.php
index 0893843..fd6dab5 100644
--- a/code/admin/ajax.php
+++ b/code/admin/ajax.php
@@ -15,11 +15,12 @@
}
function save_page_props($path) {
- //TODO : Should validate props here also...
$props=load_page_props($path);
foreach ( array('page_title', 'page_description', 'page_keywords') as $k ) {
- if ( array_key_exists($k,$_GET) ) $props[$k]=$_GET[$k];
+ if ( array_key_exists($k,$_GET) ) {
+ $props[$k]= sanitize($_GET, $k, RE_TEXT_LINE_CLEANER, '');
+ }
}
$ini_path="content/$path/props.ini";
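Review bot: `save_page_props()` still takes the values it stores from `$_GET`, so a request that changes stored data is a plain URL: it lands in server logs and browser history, and an authenticated admin's browser can be made to issue it from another site. Consider reading the three properties from `$_POST` and checking a per-session token before `props.ini` is written; admin.js would then need to send a POST. Whether ajax.php calls `need_auth()` is not visible in this hunk, and the function body continues past it.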
@@ -31,8 +32,8 @@
}
// URL params clean-up
- $action=sanitize($_GET, 'action', '/[^a-z_]+/', 'none'); /* Could be : load_page_props, load_media_props... */
- $path=sanitize($_GET, 'path', '/[^a-z0-9\/]+/', ''); // Never put \. in this regex
+ $action=sanitize($_GET, 'action', RE_IDENTIFIER_CLEANER, 'none'); /* Could be : load_page_props, load_media_props... */
+ $path = sanitize($_GET, 'path', RE_RELPATH_CLEANER, '');
switch($action) {
case 'load_page_props':
diff --git a/code/admin/render.php b/code/admin/render.php
index 2d49f01..0492224 100644
--- a/code/admin/render.php
+++ b/code/admin/render.php
@@ -6,18 +6,15 @@
if ( ! is_array($site_conf) ) trigger_error("Error parsing site_conf.ini", E_USER_ERROR);
if (PHP_SAPI === 'cli') {
- // In cli mode, take args from the command line
- $params=array(
- 'action' => 'publish',
- 'page' => $argv[1]
- );
+ // In cli mode, take page name from the command line (publish only)
+ $action='publish';
+ $page = sanitize($argv, 1, RE_RELPATH_CLEANER, '');
} else {
- // In web mode, take from args from GET request
- $params=&$_GET;
+ // In web mode, enforce authentication and take from args from GET request
+ need_auth();
+ $action=sanitize($_GET, 'action', RE_IDENTIFIER_CLEANER, 'preview'); /* Could be : preview, edit, publish */
+ $page = sanitize($_GET, 'page', RE_RELPATH_CLEANER, $site_conf['site_default_page']);
}
- // params clean-up
- $action=sanitize($params, 'action', '/[^a-z_]+/', 'preview'); /* Could be : preview, edit, publish */
- $page=sanitize($params, 'page', '/[^a-z0-9\/]+/', $site_conf['site_default_page']); // Never put \. in this regex
// Template vars init ($page, $page_path, $page_props, $page_tpl_url)
$page_path = "content/$page";
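Review bot: In the CLI branch a missing argument now yields `$page = ''`, so `$page_path` becomes `content/` and the publish action runs against the content root instead of stopping. A guard right after the `sanitize($argv, 1, ...)` line, in the style already used above, would make this explicit: `if ($page === '') trigger_error("Usage: render.php <page>", E_USER_ERROR);`. The new web-mode comment reads "take from args from GET request"; "take args from the GET request" was probably meant.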
diff --git a/code/admin/utils.php b/code/admin/utils.php
index f02146a..9612535 100644
--- a/code/admin/utils.php
+++ b/code/admin/utils.php
@@ -1,4 +1,9 @@
<?php
+ define('RE_TEXT_LINE_CLEANER', '/["\p{C}\p{Zl}\p{Zp}]+/u');
+ define('RE_IDENTIFIER_CLEANER', '/[^a-zA-Z0-9_]+/');
+ define('RE_LANG_IDENT_CLEANER', '/[^a-zA-Z\/\_-]+/');
+ define('RE_RELPATH_CLEANER', '/[^a-zA-Z0-9_\/-]+/'); // Never put \. in this regex
+
function sanitize($arg_array, $arg_key, $replace_chars_re, $default_value) {
//FIXME : should check string type and strlen !
if ( ! array_key_exists($arg_key, $arg_array) ) return $default_value;
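Review bot: `RE_TEXT_LINE_CLEANER` uses the `/u` modifier, and PCRE functions return `null` when the subject is not valid UTF-8, so a malformed request value would leave the replacement (presumably a `preg_replace` call) as `null` rather than as cleaned text. The body of `sanitize()` continues outside the hunk, but its FIXME says the string type and length are still unchecked. An `is_string()` test on the input, plus a fallback to `$default_value` when the replacement returns `null`, would close both gaps. A parameter sent in array form should take the default as well.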
@@ -33,20 +38,21 @@
function load_ini_site_conf($ini_path) {
$sanitize_site_conf = array(
- 'site_admin_lang' => array( 'replace_chars_re' => '/[^a-zA-Z\/\_-]+/', 'default_value' => 'C' ),
- 'site_default_page' => array( 'replace_chars_re' => '/[^a-z0-9\/]+/', 'default_value' => 'en/index' ),
+ 'site_admin_lang' => array( 'replace_chars_re' => RE_LANG_IDENT_CLEANER, 'default_value' => 'C' ),
+ 'site_default_page' => array( 'replace_chars_re' => RE_RELPATH_CLEANER, 'default_value' => 'en/index' ),
);
return sanitize_ini($ini_path, $sanitize_site_conf);
}
function load_ini_page_props($page) {
+
$sanitize_page_props = array(
//FIXME : title regex : all but html special chars ?
- 'page_title' => array( 'replace_chars_re' => '/[^\w !_,.-]+/', 'default_value' => '(missing title in props.ini)' ),
- 'page_template' => array( 'replace_chars_re' => '/[^a-z0-9]+/', 'default_value' => 'default' ),
- 'page_layout' => array( 'replace_chars_re' => '/[^a-z0-9]+/', 'default_value' => 'article' ),
- 'page_description' => array( 'replace_chars_re' => '/[^\w !_,.-]+/', 'default_value' => '(missing description in props.ini)' ),
- 'page_keywords' => array( 'replace_chars_re' => '/[^\w !_,.-]+/', 'default_value' => '(missing keywords in props.ini)' ),
+ 'page_template' => array( 'replace_chars_re' => RE_IDENTIFIER_CLEANER, 'default_value' => 'default' ),
+ 'page_layout' => array( 'replace_chars_re' => RE_IDENTIFIER_CLEANER, 'default_value' => 'article' ),
+ 'page_title' => array( 'replace_chars_re' => RE_TEXT_LINE_CLEANER, 'default_value' => '(missing)' ),
+ 'page_description' => array( 'replace_chars_re' => RE_TEXT_LINE_CLEANER, 'default_value' => '(missing)' ),
+ 'page_keywords' => array( 'replace_chars_re' => RE_TEXT_LINE_CLEANER, 'default_value' => '(missing)' ),
);
$ini_path="content/$page/props.ini";
return sanitize_ini($ini_path, $sanitize_page_props);
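Review bot: Switching `page_title`, `page_description` and `page_keywords` to `RE_TEXT_LINE_CLEANER` lets `<`, `>`, `&` and `'` through, which the previous `/[^\w !_,.-]+/` pattern removed. Any template that prints these properties into HTML therefore has to escape them at output, for example `htmlspecialchars($page_props['page_title'], ENT_QUOTES, 'UTF-8')`. The templates are not part of this diff, so this needs checking before the change ships. The FIXME above the array could be replaced by a comment stating that these three values are raw text and must be escaped on output.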
@@ -136,10 +142,12 @@
function safe_put_file($path, $content) {
//FIXME : if exists, then mktemp, put in it then rm and mv. Right preservation problems ?
+ $res=FALSE;
if ($handle = fopen($path, 'w')) {
$res = fwrite($handle, $content);
fclose($handle);
}
+ return $res;
}
function _write_ini_file_r(&$content, $assoc_arr, $has_sections)
@@ -158,10 +166,13 @@
}
}
} else {
- if ( preg_match('/^\w+$/',$val)===1 )
+ if ( preg_match(RE_IDENTIFIER_CLEANER,$val)===1 ) {
+ // Need to quote the value
+ $content .= "$key = \"" . str_replace('"', '', $val) . "\"\n";
+ } else {
+ // No need to quote
$content .= "$key = $val\n";
- else
- $content .= "$key = \"" . str_replace('"', '\"', $val) . "\"\n";
+ }
}
}
}
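Review bot: The unquoted branch writes bare words as they are, and PHP's ini reader in its default mode converts unquoted `yes`, `no`, `on`, `off`, `true`, `false`, `null` and `none` to `"1"` or `""`, so a title such as `No` would not survive a round trip (assuming the file is read back with `parse_ini_file()`; the reader is not in this hunk). Quoting every value removes the branch: `$content .= "$key = \"" . str_replace('"', '', $val) . "\"\n";`. Inside double quotes the same reader still expands `${...}`, so either strip `$` from stored text or read with `INI_SCANNER_RAW`. `$key` is interpolated unchecked, and the enclosing function starts and ends outside the hunk.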
@@ -170,8 +181,10 @@
$res=FALSE;
$content = '';
_write_ini_file_r($content, $assoc_arr, $has_sections);
+
if (is_string($content) && strlen($content) > 0) {
- safe_put_file($path, $content);
+ //TODO : check if produced ini is readable again !
+ $res = safe_put_file($path, $content);
}
return $res;
diff --git a/dist/build_all.sh b/dist/build_all.sh
index 9f0306a..33b3e36 100755
--- a/dist/build_all.sh
+++ b/dist/build_all.sh
@@ -23,6 +23,7 @@ buildname=editablesite-$commit
srclocale=$srcbase/locale
dstlocale="$dstbase/$buildname/admin/locale"
archfile=out/$buildname
+installdir=/var/www
export_files $srcbase $dstbase/$buildname <<EOT
./README ./
@@ -50,7 +51,7 @@ do
mo_dir="$dstlocale/"${fname%%.po}.utf8/LC_MESSAGES
[ -d "$mo_dir" ] || mkdir -p "$mo_dir"
- echo msgfmt -o "'$mo_dir/editablesite.mo'" "'$f'"
+ #echo msgfmt -o "'$mo_dir/editablesite.mo'" "'$f'"
msgfmt -o "$mo_dir/editablesite.mo" "$f"
done
@@ -99,5 +100,6 @@ gzip -9 -c $archfile.tar > $archfile.tar.gz
( cd "$dstbase" ; zip -9 -q -r - $buildname/) > $archfile.zip
rm $archfile.tar
-sudo tar -xf $archfile.tar.gz -C /var/www/
+echo "Deploying for test in $installdir"
+sudo tar -xf $archfile.tar.gz -C $installdir
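Review bot: The deploy line expands `$archfile` and `$installdir` unquoted under `sudo`, so a path with spaces or glob characters would be word-split before tar sees it; `sudo tar -xf "$archfile.tar.gz" -C "$installdir"` avoids that. GNU tar run as root also restores the owner recorded in the archive by default, so files under `$installdir` may end up owned by the build user's uid; `--no-same-owner` makes them root-owned if that is the intent. Since every build ends with this `sudo` step, putting it behind an option or in a separate script would keep a plain build from touching the web root.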
diff --git a/locale/en_US.po b/locale/en_US.po
index 34155f5..948a564 100644
--- a/locale/en_US.po
+++ b/locale/en_US.po
@@ -2,8 +2,8 @@ msgid ""
msgstr ""
"Project-Id-Version: EditableSite\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-10-29 23:52+0100\n"
-"PO-Revision-Date: 2013-10-29 23:53+0100\n"
+"POT-Creation-Date: 2013-10-30 13:58+0100\n"
+"PO-Revision-Date: 2013-10-30 13:58+0100\n"
"Last-Translator: Ludovic Pouzenc <lpouzenc@gmail.com>\n"
"Language-Team: \n"
"Language: \n"
@@ -17,132 +17,144 @@ msgstr ""
"X-Poedit-SourceCharset: UTF-8\n"
"X-Poedit-SearchPath-0: code\n"
-#: code/admin/add.php:21
-#: code/admin/index.php:63
-msgid "Add media"
-msgstr "Add media"
+#: code/admin/add.php:16
+#: code/admin/index.php:13
+msgid "Admin"
+msgstr "Admin"
-#: code/admin/add.php:21
-#: code/admin/add.php:50
-#: code/admin/index.php:27
-msgid "Add page"
-msgstr "Add page"
+#: code/admin/add.php:16
+msgid "Add a media"
+msgstr "Add a media"
-#: code/admin/add.php:27
-#: code/admin/index.php:62
+#: code/admin/add.php:16
+msgid "Add a page"
+msgstr "Add a page"
+
+#: code/admin/add.php:32
+#: code/admin/index.php:66
msgid "Media tree"
msgstr "Media tree"
-#: code/admin/add.php:27
-#: code/admin/index.php:26
+#: code/admin/add.php:32
+#: code/admin/index.php:30
msgid "Page tree"
msgstr "Page tree"
-#: code/admin/add.php:41
-msgid "Media folder"
-msgstr "Media folder"
+#: code/admin/add.php:46
+msgid "Selected folder"
+msgstr "Selected folder"
-#: code/admin/add.php:41
-msgid "Page folder"
-msgstr "Page folder"
-
-#: code/admin/add.php:42
+#: code/admin/add.php:47
msgid "Folder path"
msgstr "Folder path"
-#: code/admin/add.php:43
+#: code/admin/add.php:48
msgid "(choose a folder in the tree)"
msgstr "(choose a folder in the tree)"
-#: code/admin/add.php:45
+#: code/admin/add.php:50
msgid "New item name"
msgstr "New item name"
-#: code/admin/add.php:48
-#: code/admin/index.php:42
-#: code/admin/index.php:78
+#: code/admin/add.php:53
+#: code/admin/index.php:46
+#: code/admin/index.php:82
msgid "Actions"
msgstr "Actions"
-#: code/admin/add.php:49
+#: code/admin/add.php:54
msgid "Add folder"
msgstr "Add folder"
-#: code/admin/index.php:20
-msgid "Admin"
-msgstr "Admin"
+#: code/admin/add.php:55
+#: code/admin/index.php:31
+msgid "Add page"
+msgstr "Add page"
+
+#: code/admin/add.php:58
+msgid "Back to admin"
+msgstr "Back to admin"
-#: code/admin/index.php:38
+#: code/admin/index.php:42
msgid "Selected page"
msgstr "Selected page"
-#: code/admin/index.php:39
+#: code/admin/index.php:43
msgid "Page path"
msgstr "Page path"
-#: code/admin/index.php:40
+#: code/admin/index.php:44
msgid "(choose a page in the tree)"
msgstr "(choose a page in the tree)"
-#: code/admin/index.php:43
+#: code/admin/index.php:47
msgid "Edit page"
msgstr "Edit page"
-#: code/admin/index.php:44
+#: code/admin/index.php:48
msgid "Delete page"
msgstr "Delete page"
-#: code/admin/index.php:48
+#: code/admin/index.php:52
msgid "Page title"
msgstr "Page title"
-#: code/admin/index.php:51
+#: code/admin/index.php:55
msgid "Page description"
msgstr "Page description"
-#: code/admin/index.php:54
+#: code/admin/index.php:58
msgid "Page keywords"
msgstr "Page keywords"
-#: code/admin/index.php:58
-#: code/admin/index.php:94
-#: code/admin/index.php:106
+#: code/admin/index.php:62
+#: code/admin/index.php:98
+#: code/admin/index.php:110
msgid "Save properties"
msgstr "Save properties"
-#: code/admin/index.php:74
+#: code/admin/index.php:67
+msgid "Add media"
+msgstr "Add media"
+
+#: code/admin/index.php:78
msgid "Selected Media"
msgstr "Selected Media"
-#: code/admin/index.php:75
+#: code/admin/index.php:79
msgid "Media path"
msgstr "Media path"
-#: code/admin/index.php:76
+#: code/admin/index.php:80
msgid "(choose a media in the tree)"
msgstr "(choose a media in the tree)"
-#: code/admin/index.php:80
+#: code/admin/index.php:84
msgid "Delete media"
msgstr "Delete media"
-#: code/admin/index.php:84
+#: code/admin/index.php:88
msgid "Media title"
msgstr "Media title"
-#: code/admin/index.php:87
+#: code/admin/index.php:91
msgid "Media description"
msgstr "Media description"
-#: code/admin/index.php:98
+#: code/admin/index.php:102
msgid "Site properties"
msgstr "Site properties"
-#: code/admin/index.php:99
+#: code/admin/index.php:103
msgid "Admin lang"
msgstr "Admin lang"
-#: code/admin/index.php:102
+#: code/admin/index.php:106
msgid "Default page"
msgstr "Default page"
+#~ msgid "Media folder"
+#~ msgstr "Media folder"
+
+#~ msgid "Page folder"
+#~ msgstr "Page folder"
diff --git a/locale/fr_FR.po b/locale/fr_FR.po
index b9b7383..7368072 100644
--- a/locale/fr_FR.po
+++ b/locale/fr_FR.po
@@ -2,8 +2,8 @@ msgid ""
msgstr ""
"Project-Id-Version: EditableSite\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-10-30 00:26+0100\n"
-"PO-Revision-Date: 2013-10-30 00:26+0100\n"
+"POT-Creation-Date: 2013-10-30 13:58+0100\n"
+"PO-Revision-Date: 2013-10-30 13:58+0100\n"
"Last-Translator: Ludovic Pouzenc <lpouzenc@gmail.com>\n"
"Language-Team: \n"
"Language: \n"
@@ -41,12 +41,8 @@ msgid "Page tree"
msgstr "Arborescence des pages"
#: code/admin/add.php:46
-msgid "Media folder"
-msgstr "Dossier du média"
-
-#: code/admin/add.php:46
-msgid "Page folder"
-msgstr "Dossier de la page"
+msgid "Selected folder"
+msgstr "Dossier sélectionné"
#: code/admin/add.php:47
msgid "Folder path"
@@ -157,3 +153,8 @@ msgstr "Langue outil admin"
msgid "Default page"
msgstr "Page par défaut"
+#~ msgid "Media folder"
+#~ msgstr "Dossier du média"
+
+#~ msgid "Page folder"
+#~ msgstr "Dossier de la page"