Diffstat (limited to 'code/admin/render.php')
-rw-r--r--code/admin/render.php17
1 files changed, 7 insertions, 10 deletions
diff --git a/code/admin/render.php b/code/admin/render.php
index 2d49f01..0492224 100644
--- a/code/admin/render.php
+++ b/code/admin/render.php
@@ -6,18 +6,15 @@
if ( ! is_array($site_conf) ) trigger_error("Error parsing site_conf.ini", E_USER_ERROR);
if (PHP_SAPI === 'cli') {
- // In cli mode, take args from the command line
- $params=array(
- 'action' => 'publish',
- 'page' => $argv[1]
- );
+ // In cli mode, take page name from the command line (publish only)
+ $action='publish';
+ $page = sanitize($argv, 1, RE_RELPATH_CLEANER, '');
} else {
- // In web mode, take from args from GET request
- $params=&$_GET;
+ // In web mode, enforce authentication and take from args from GET request
+ need_auth();
+ $action=sanitize($_GET, 'action', RE_IDENTIFIER_CLEANER, 'preview'); /* Could be : preview, edit, publish */
+ $page = sanitize($_GET, 'page', RE_RELPATH_CLEANER, $site_conf['site_default_page']);
}
- // params clean-up
- $action=sanitize($params, 'action', '/[^a-z_]+/', 'preview'); /* Could be : preview, edit, publish */
- $page=sanitize($params, 'page', '/[^a-z0-9\/]+/', $site_conf['site_default_page']); // Never put \. in this regex
// Template vars init ($page, $page_path, $page_props, $page_tpl_url)
$page_path = "content/$page";
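Review bot: The warning `// Never put \. in this regex` is dropped together with the inline pattern, yet `$page` still flows straight into `$page_path = "content/$page"`, so the path-traversal guard now rests entirely on `RE_RELPATH_CLEANER`, whose definition is outside this hunk. I would carry the invariant over to both `sanitize(..., RE_RELPATH_CLEANER, ...)` call sites, e.g. `// RE_RELPATH_CLEANER must keep stripping '.', otherwise ../ reaches $page_path`. The CLI branch also changes its fallback from `$site_conf['site_default_page']` to `''`, which appears to leave `$page_path` as `content/` when no argument is given; an explicit check such as `if ($page === '') trigger_error("Usage: render.php <page>", E_USER_ERROR);` would fail early instead. Whether `need_auth()` halts the request on failure is not visible here and is worth confirming, since `publish` and `edit` are reachable through a GET request.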