<?php
# Admin endpoint: create a new post, or update an existing one, from POSTed
# fields. Authentication and the method check both run before any request data
# is parsed.

# Keep PHP error text free of HTML markup.
ini_set('html_errors', '0');
require '../_base.php';

# Authentication gate for this state-changing endpoint.
# NOTE(review): no anti-CSRF token check is visible in this excerpt. If
# authentication is cookie/session based, confirm that gb::authenticate() or
# _base.php verifies a per-request token as well.
gb::authenticate();

# NOTE(review): assumes gb_admin::error_rsp() terminates the request. If it can
# return, a non-POST request would continue into the update below -- confirm.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    gb_admin::error_rsp('405 Method Not Allowed', '405 Method Not Allowed');
}

try {
    # parse input
    # Both arrays map field name => filter spec and are handed to
    # gb_input::process(). The spec notation ('', ':trim', '[]', 'bool',
    # '@Class', ...) is defined by gb_input, not here -- TODO confirm what each
    # spec accepts and rejects.
    # $spec_fields: request-level fields; name and version select the post below.
    static $spec_fields = array('name' => '', 'version' => '(work)', 'commit' => 'bool(false)');
    # $state_fields: the allowlist of post properties a client may supply.
    # NOTE(review): 'author' and 'published' are client-supplied; whether a user
    # may set another author is not decided in this excerpt -- confirm.
    static $state_fields = array('mimeType' => ':trim', 'title' => ':trim', 'slug' => ':trim', 'body' => '', 'tags' => '[]', 'categories' => '[]', 'published' => '@GBDateTime', 'author' => '@GBAuthor', 'commentsOpen' => 'bool', 'pingbackOpen' => 'bool', 'draft' => 'bool');
    $input = gb_input::process(array_merge($spec_fields, $state_fields));

    # find post
    # A non-null name selects an existing post (and version); otherwise a fresh
    # GBPost is created.
    $created = false;
    if ($input['name'] !== null) {
        if (!($post = GBPost::findByName($input['name'], $input['version']))) {
            # NOTE(review): the client-supplied name is echoed into the error
            # response through r(), which is defined elsewhere -- confirm its
            # output is safe for the response's content type.
            gb_admin::error_rsp('Post ' . r($input['name']) . ' not found');
        }
    } else {
        $post = new GBPost();
        $created = true;
    }

    # set post state
    # The loop iterates over $state_fields, not over $input, so the dynamic
    # property access $post->{$k} can only use the allowlisted names and never
    # an arbitrary client-chosen property.
    $modified_state = array();
    foreach ($state_fields as $k => $discard) {
        $v = $input[$k];
        # Only fields that were supplied (non-null) and differ strictly from the
        # current value are treated as modified.
        if ($v !== null && $post->{$k} !== $v) {
            if ($k === 'body') {
                # The body goes through setRawBody(); the recorded value is read
                # back via rawBody() rather than taken from the input.
                $post->setRawBody($v);
                $modified_state[$k] = $post->rawBody();
                # (excerpt ends here: the rest of the loop and the closing of
                # the try block are outside this listing)
* which will have one of the following values:
*
* - "rejected" -- Comment was rejected for undisclosed reasons.
* - "duplicate" -- Comment was rejected because it's a duplicate in the
*   context of the related post.
* - "pending" -- Comment is pending approval by moderator/author.
*
* As a theme designer, you should take care of these and present them to the
* user in an appropriate manner.
*/
require '../gitblog.php';

# Keep PHP error text free of HTML markup; the response is plain text and is
# marked no-cache.
# NOTE(review): consider also sending "X-Content-Type-Options: nosniff" so that
# text echoed back to the client is never content-sniffed as HTML.
ini_set('html_errors', '0');
header('Content-Type: text/plain; charset=utf-8');
header('Cache-Control: no-cache');

# NOTE(review): gb::verify() and gb::authenticate() are defined in gitblog.php.
# The false argument presumably makes login optional so that anonymous visitors
# can post comments -- confirm against gb::authenticate().
gb::verify();
gb::authenticate(false);
gb::load_plugins('admin');

/**
 * Acceptable fields.
 * array( string name => filterspec , .. )
 *
 * Review notes (the code that applies these specs is not part of this listing):
 * - FILTER_REQUIRE_SCALAR is a flag constant of the filter extension, not a
 *   filter ID. Confirm that the consumer really rejects array values for these
 *   keys and does not fall back to an unfiltered default.
 * - FILTER_SANITIZE_URL only strips characters that are illegal in a URL; it
 *   does not validate the value or restrict its scheme. 'author-url' still has
 *   to be validated (e.g. http/https only) and escaped wherever it is rendered.
 * - 'client-timezone-offset' is limited to -43200..43200 (presumably seconds,
 *   i.e. +/-12 hours -- confirm).
 * - 'gb-nonce' is only sanitized here (FILTER_SANITIZE_STRING, deprecated as of
 *   PHP 8.1). Stripping bytes does not verify the nonce; the comparison has to
 *   happen where the fields are consumed.
 */
$fields = array(
    'reply-post' => FILTER_REQUIRE_SCALAR,
    'reply-message' => FILTER_REQUIRE_SCALAR,
    'author-email' => FILTER_VALIDATE_EMAIL,
    'author-name' => FILTER_REQUIRE_SCALAR,
    'reply-to' => FILTER_REQUIRE_SCALAR,
    'author-url' => FILTER_SANITIZE_URL,
    'author-uri' => FILTER_REQUIRE_SCALAR,
    'client-timezone-offset' => array('filter' => FILTER_VALIDATE_INT, 'options' => array('min_range' => -43200, 'max_range' => 43200)),
    'gb-nonce' => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH));

/**
 * Abort the request with an HTTP status line and a plain-text body.
 *
 * Sends "HTTP/1.1 <status>" as the status header, then exits, printing the
 * status and the message on separate lines.
 *
 * @param string $msg    Message printed in the body after the status.
 * @param string $status Status code and reason phrase; defaults to '400 Bad Request'.
 *
 * NOTE(review): $status is written into a response header and $msg into the
 * body, both without escaping. The call in this listing passes literals; keep
 * request-derived text out of $status, and note that $msg relies on the
 * text/plain content type set above.
 */
function exit2($msg, $status = '400 Bad Request') {
    header('HTTP/1.1 ' . $status);
    exit($status . "\n" . $msg . "\n");
}

# only allow POST
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit2('Only POST is allowed', '405 Method Not Allowed');
}