<?php
// Dobrado Content Management System
// Copyright (C) 2017 Malcolm Blaney
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

include 'functions/session.php';

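// Stop silently unless the session is still valid; session_expired() is
// provided by functions/session.php.
// NOTE(review): this handler changes stored content and no anti-CSRF token is
// checked in this file - confirm that session_expired() or the caller covers it.
if (session_expired()) exit;

// Every required field must be present and must be a plain string. PHP turns
// 'id[]=x' style parameters into arrays, which pass isset() but are not valid
// input for the substr() and escape_string() calls made on these fields below.
foreach (['id', 'label', 'url'] as $name) {
  if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
    echo json_encode(['error' => $name.' not provided']);
    exit;
  }
}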

include 'functions/copy_page.php';
include 'functions/db.php';
include 'functions/microformats.php';
include 'functions/new_module.php';
include 'functions/page_owner.php';
include 'functions/permission.php';
include 'functions/style.php';
include 'functions/write_style.php';

include 'config.php';
include 'module.php';
include 'user.php';

// A short-lived connection is opened only so that label and url can be
// escaped; it is closed again before any other work is done.
$mysqli = connect_db();
// The id arrives with a '#dobrado-' prefix (9 characters); drop it and keep
// the rest as an integer.
$id = intval(substr($_POST['id'], 9));
// From here on $label and $url hold the SQL-escaped strings, and those are
// the values later passed to page_owner() and Module.
// NOTE(review): escaping only protects values placed inside quoted SQL string
// literals on a connection with the same character set - confirm that is how
// the consumers use them, or switch those queries to prepared statements.
$label = $mysqli->real_escape_string($_POST['label']);
$url = $mysqli->real_escape_string($_POST['url']);
$mysqli->close();

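// Look up the page and its owner for the submitted (already escaped) url.
list($page, $owner) = page_owner($url);
// Modules must do their own safety checks on content: the 'us_' prefix marks
// the value as unsanitised. It is decoded here but neither validated nor
// escaped before it is handed to SetContent().
// 'content' is not part of the required-field check at the top of the script,
// so a missing or array-valued parameter is treated as undecodable (null)
// instead of being passed to json_decode(), which would raise an undefined
// index notice or, for an array on PHP 8, a TypeError.
$us_content = null;
if (isset($_POST['content']) && is_string($_POST['content'])) {
  $us_content = json_decode($_POST['content'], true);
}
// Permissions are computed for the current user against this page and owner,
// then the module wrapper is built for the requested label.
$user = new User();
$user->SetPermission($page, $owner);
$module = new Module($user, $owner, $label);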
55
// Build exactly one JSON reply:
//   error - the module-level CanEdit() check refused this id.
//   html  - content was saved; the module's freshly rendered content is returned.
//   done  - CanEdit() passed but the page permission test did not, so nothing
//           is saved and the reply carries no content.
if (!$module->CanEdit($id)) {
  $reply = ['error' => 'could not edit module'];
}
elseif ($user->canEditPage || ($label === 'post' && $user->canViewPage)) {
  // Editing normally needs edit permission on the page. The 'post' label is
  // the exception: the Writer module lets users create posts while holding
  // only view permission on the page.
  $module->SetContent($id, $us_content);
  // NOTE(review): the returned html is only as safe as the module's own
  // checks on $us_content - nothing is sanitised in this script.
  $reply = ['html' => $module->Content($id)];
}
else {
  $reply = ['done' => true];
}
echo json_encode($reply);