Sofort-Bearbeiten funktioniert jetzt.

5 files changed, 74 insertions, 31 deletions

diff --git a/pages/content/Pages:Edit.xml b/pages/content/Pages:Edit.xml
index dfe9a51..beaa0b3 100644
--- a/pages/content/Pages:Edit.xml
+++ b/pages/content/Pages:Edit.xml
@@ -3,7 +3,7 @@
   <info>
     <name>Pages:Edit</name>
     <template>phpexec</template>
-    <access>0:0</access>
+    <access>9:0</access>
     <type>c</type>
   </info>
   <data>
@@ -11,32 +11,22 @@
       <![CDATA[
 <?PHP
   require_once('code/pages.inc.php');
-  require_once('code/links.inc.php');
   require_once('code/util.inc.php');
   
   
-  if($_POST['type'] != 'c' && $_POST['type'] != 'n' && $_POST['type'] != 'e')
+  if($_GET['type'] != 'c' && $_GET['type'] != 'n' && $_GET['type'] != 'e')
     exit();
   
-  if($_POST['back']) {
-    header('Location: ' . $GLOBALS['links']->GetNeonLink('Pages', 'type=' . $_POST['type'], false));
-    exit();
-  }
-  
-  if(!$_POST['name']) exit();
-  
-  $data = array();
+  if(!$_GET['name'] || !$_GET['backlink']) exit();
   
-  foreach($_POST as $key => $val) {
-    if(substr($key, 0, 5) != 'data_') continue;
-    
-    $data[substr($key, 5)] = Unquote($val);
-  }
-  
-  $GLOBALS['pages']->Edit(Unquote($_POST['name']), $_POST['type'], $data);
+  if(!$GLOBALS['pages']->HasWriteAccess(Unquote($_GET['name']), $_GET['type']))
+    exit();
   
-  header('Location: ' . $GLOBALS['links']->GetNeonLink('Pages', 'type=' . $_POST['type'], false));
-  exit();
+  $data = $GLOBALS['pages']->GetEditor(Unquote($_GET['name']), $_GET['type'], Unquote($_GET['backlink']));
+      
+  $title = $data['title'];
+      
+  echo $data['content'];
 ?>
       ]]>
     </code>
diff --git a/pages/content/Pages:Edit:Do.xml b/pages/content/Pages:Edit:Do.xml
new file mode 100644
index 0000000..15c5f51
--- /dev/null
+++ b/pages/content/Pages:Edit:Do.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<page>
+  <info>
+    <name>Pages:Edit:Do</name>
+    <template>phpexec</template>
+    <access>9:0</access>
+    <type>c</type>
+  </info>
+  <data>
+    <code>
+      <![CDATA[
+<?PHP
+  require_once('code/pages.inc.php');
+  require_once('code/links.inc.php');
+  require_once('code/util.inc.php');
+  
+  
+  if($_POST['type'] != 'c' && $_POST['type'] != 'n' && $_POST['type'] != 'e')
+    exit();
+  
+  if($_POST['back']) {
+    header('Location: ' . Unquote($_POST['backlink']));
+    exit();
+  }
+  
+  if(!$_POST['name'] || !$_POST['backlink']) exit();
+  
+  if(!$GLOBALS['pages']->HasWriteAccess(Unquote($_POST['name']), $_POST['type']))
+    exit();
+  
+  $data = array();
+  
+  foreach($_POST as $key => $val) {
+    if(substr($key, 0, 5) != 'data_') continue;
+    
+    $data[substr($key, 5)] = Unquote($val);
+  }
+  
+  $GLOBALS['pages']->Edit(Unquote($_POST['name']), $_POST['type'], $data);
+  
+  header('Location: ' . Unquote($_POST['backlink']));
+  exit();
+?>
+      ]]>
+    </code>
+  </data>
+</page>
diff --git a/pages/content/Pages:Handle.xml b/pages/content/Pages:Handle.xml
index c2b6602..cc334e0 100644
--- a/pages/content/Pages:Handle.xml
+++ b/pages/content/Pages:Handle.xml
@@ -44,13 +44,11 @@
   <?PHP
   }
   elseif(isset($_POST['edit'])) {
-    if($_POST['name']) {
-      $data = $GLOBALS['pages']->GetEditor(Unquote($_POST['name']), $_POST['type']);
-      
-      $title = $data['title'];
-      
-      echo $data['content'];
-    }
+    $backlink = $GLOBALS['links']->GetNeonLink('Pages', 'type=' . $_POST['type'], false);
+    
+    header('Location: ' . $GLOBALS['links']->GetNeonLink('Pages:Edit', 'type=' . $_POST['type'] .
+           '&name=' . urlencode(Unquote($_POST['name'])) . '&backlink=' . urlencode($backlink), false));
+    exit();
   }
   elseif(isset($_POST['privs'])) {
     if($_POST['name']) {
diff --git a/pages/editor/default.xml b/pages/editor/default.xml
index 3c0c79e..f85929c 100644
--- a/pages/editor/default.xml
+++ b/pages/editor/default.xml
@@ -3,20 +3,24 @@
   <info>
     <name>phpexec</name>
     <template>phpexec</template>
-    <access>0:0</access>
+    <access>9:0</access>
     <type>e</type>
   </info>
   <data>
     <code>
       <![CDATA[
 <?PHP
+  require_once('code/links.inc.php');
+  
+  
   $title = 'Edit \'' . $data['_data']['_page'] . '\'';
   
   echo '<h2>' . $title . '</h2>';
 ?>
-<form method="post" action="<?PHP echo $GLOBALS['links']->GetNeonLink('Pages:Edit'); ?>">
+<form method="post" action="<?PHP echo $GLOBALS['links']->GetNeonLink('Pages:Edit:Do'); ?>">
   <input type="hidden" name="name" value="<?PHP echo $data['_data']['_page'] ?>" />
   <input type="hidden" name="type" value="<?PHP echo $data['_data']['_type']; ?>" />
+  <input type="hidden" name="backlink" value="<?PHP echo htmlspecialchars($data['_backlink']); ?>" />
   Titel: <input type="text" name="data_title" value="<?PHP
     echo strtr($data['_data']['title'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
   ?>" size="70" /><br />
diff --git a/pages/editor/phpexec.xml b/pages/editor/phpexec.xml
index a2c390d..be7c4e9 100644
--- a/pages/editor/phpexec.xml
+++ b/pages/editor/phpexec.xml
@@ -3,20 +3,24 @@
   <info>
     <name>phpexec</name>
     <template>phpexec</template>
-    <access>0:0</access>
+    <access>9:0</access>
     <type>e</type>
   </info>
   <data>
     <code>
       <![CDATA[
 <?PHP
+  require_once('code/links.inc.php');
+  
+  
   $title = 'Edit \'' . $data['_data']['_page'] . '\'';
   
   echo '<h2>' . $title . '</h2>';
 ?>
-<form method="post" action="<?PHP echo $GLOBALS['links']->GetNeonLink('Pages:Edit'); ?>">
+<form method="post" action="<?PHP echo $GLOBALS['links']->GetNeonLink('Pages:Edit:Do'); ?>">
   <input type="hidden" name="name" value="<?PHP echo $data['_data']['_page'] ?>" />
   <input type="hidden" name="type" value="<?PHP echo $data['_data']['_type']; ?>" />
+  <input type="hidden" name="backlink" value="<?PHP echo htmlspecialchars($data['_backlink']); ?>" />
   <textarea name="data_code" class="pageedit spaced-bottom" rows="25" cols="70"><?PHP
     echo strtr($data['_data']['code'], array('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'));
   ?></textarea><br />