From acbb8dff1439b0d05709a93fff356e7f6b829da6 Mon Sep 17 00:00:00 2001
From: Ludovic Pouzenc <lpouzenc@gmail.com>
Date: Wed, 30 Oct 2013 14:04:56 +0100
Subject: INI et Unicode. Avancée sur fonctions AJAX et trados.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 code/admin/render.php | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

(limited to 'code/admin/render.php')

diff --git a/code/admin/render.php b/code/admin/render.php
index 2d49f01..0492224 100644
--- a/code/admin/render.php
+++ b/code/admin/render.php
@@ -6,18 +6,15 @@
 	if ( ! is_array($site_conf) ) trigger_error("Error parsing site_conf.ini", E_USER_ERROR);
 
 	if (PHP_SAPI === 'cli') {
-		// In cli mode, take args from the command line
-		$params=array(
-			'action' => 'publish',
-			'page' => $argv[1]
-		);
+		// In cli mode, take page name from the command line (publish only)
+		$action='publish';
+		$page = sanitize($argv, 1, RE_RELPATH_CLEANER, '');
 	} else {
-		// In web mode, take from args from GET request
-		$params=&$_GET;
+		// In web mode, enforce authentication and take from args from GET request
+		need_auth();
+		$action=sanitize($_GET, 'action', RE_IDENTIFIER_CLEANER, 'preview'); /* Could be : preview, edit, publish */
+		$page = sanitize($_GET, 'page', RE_RELPATH_CLEANER, $site_conf['site_default_page']);
 	}
-	// params clean-up
-	$action=sanitize($params, 'action', '/[^a-z_]+/', 'preview'); /* Could be : preview, edit, publish */
-	$page=sanitize($params, 'page', '/[^a-z0-9\/]+/', $site_conf['site_default_page']); // Never put \. in this regex
 
 	// Template vars init ($page, $page_path, $page_props, $page_tpl_url)
 	$page_path = "content/$page"; 
-- 
cgit v1.2.3