From c5f39ea2cd7cf02246705ea8872d3b350526165c Mon Sep 17 00:00:00 2001
From: Freya Murphy <freya@freyacat.org>
Date: Fri, 24 May 2024 09:05:42 -0400
Subject: initial

---
 src/web/_controller/blog.php | 74 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 src/web/_controller/blog.php

(limited to 'src/web/_controller/blog.php')

diff --git a/src/web/_controller/blog.php b/src/web/_controller/blog.php
new file mode 100644
index 0000000..f13ffd1
--- /dev/null
+++ b/src/web/_controller/blog.php
@@ -0,0 +1,74 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+class Blog_controller extends Controller {
+
+	public $comments_controller;
+	private $blog_model;
+
+	function __construct($load) {
+		parent::__construct($load);
+		$this->blog_model = $this->load->model('blog');
+		$this->comments_controller = $this->load->controller('_comments');
+	}
+
+	public function index(): void {
+		parent::index();
+		$data = $this->blog_model->get_data();
+		$this->view('header', $data);
+		$this->view('apps/blog', $data);
+		$this->view('footer', $data);
+	}
+
+	private function protect($folder) {
+		if (!array_key_exists('name', $_GET)) {
+			$this->error(400);
+		}
+
+		$basepath = $GLOBALS['assetroot'] . '/' . $folder . '/';
+		$realBase = realpath($basepath);
+
+		$userpath = $basepath . $_GET['name'];
+		$realUserPath = realpath($userpath);
+
+		if ($realUserPath === false || strpos($realUserPath, $realBase) !== 0) {
+			$this->error(404);
+		}
+	}
+
+	public function post(): void {
+		$this->protect('blog');
+		parent::index();
+		$data = $this->blog_model->get_post($_GET['name']);
+		if ($data === FALSE) {
+			$this->error(404);
+		}
+		$this->view('header', $data);
+		$this->view('apps/blog_post', $data);
+		$ref = 'blog/post?name=' . $_GET['name'];
+		$this->comments_controller->comments($data['post']['meta']['name'], $ref);
+		$this->view('footer', $data);
+	}
+
+	public function writeup(): void {
+		$this->protect('writeup');
+		parent::index();
+		$data = $this->blog_model->get_writeup($_GET['name']);
+		if ($data === FALSE) {
+			$this->error(404);
+		}
+		$this->view('header', $data);
+		$this->view('apps/blog_writeup', $data);
+		$ref = 'blog/writeup?name=' . $_GET['name'];
+		$this->comments_controller->comments($data['post']['meta']['name'], $ref);
+		$this->view('footer', $data);
+	}
+
+	public function rss() {
+		$data = $this->blog_model->get_data();
+		header('Content-Type: application/xml');
+		$this->view('apps/blog_rss', $data);
+		die();
+	}
+
+}
+
+?>
-- 
cgit v1.2.3-freya