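blog_model = $this->load->model('blog');
        $this->comments_controller = $this->load->controller('_comments');
    }

    /**
     * Renders the blog overview: header, the 'apps/blog' view and footer,
     * all fed with the data returned by the blog model's get_data().
     */
    public function index(): void
    {
        parent::index();

        $data = $this->blog_model->get_data();

        $this->view('header', $data);
        $this->view('apps/blog', $data);
        $this->view('footer', $data);
    }

    /**
     * Rejects the request unless $_GET['name'] resolves to an existing path
     * inside $GLOBALS['assetroot'] . '/' . $folder.
     *
     * Reports 400 when `name` is missing, is not a string or contains a NUL
     * byte, and 404 when the base folder or the requested path cannot be
     * resolved, or when the requested path resolves outside the base folder.
     *
     * NOTE(review): this guard only protects the callers if error() ends the
     * request. That is not visible here - confirm. protect() returns void,
     * so a non-terminating error() would let post()/writeup() carry on.
     *
     * @param string $folder Sub-folder of the asset root to confine to.
     */
    private function protect(string $folder): void
    {
        $name = $_GET['name'] ?? null;

        // "?name[]=x" arrives as an array; only a plain string can be a file
        // name, and a NUL byte can never be part of a valid path.
        if (!is_string($name) || strpos($name, "\0") !== false) {
            $this->error(400);
            return;
        }

        $basepath = $GLOBALS['assetroot'] . '/' . $folder . '/';
        $realBase = realpath($basepath);
        $realUserPath = realpath($basepath . $name);

        // An unresolved base must never be used as a prefix: the containment
        // test below would then compare against an empty value.
        if ($realBase === false || $realUserPath === false) {
            $this->error(404);
            return;
        }

        // realpath() drops the trailing slash, so a bare prefix test on
        // ".../blog" would also accept a sibling such as ".../blog_old".
        // Comparing with a trailing separator on both sides pins the match
        // to a directory boundary. The base folder itself is still accepted,
        // as it was before.
        $prefix = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        $candidate = rtrim($realUserPath, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
            $this->error(404);
            return;
        }
    }

    /**
     * Renders a single blog post selected by $_GET['name'], followed by its
     * comment section.
     *
     * NOTE(review): protect() validates the resolved path, but the raw name
     * is what get_post() receives; how the model builds its own path is not
     * visible here - confirm it resolves the same file.
     */
    public function post(): void
    {
        $this->protect('blog');
        parent::index();

        $name = $_GET['name'];
        $data = $this->blog_model->get_post($name);
        if ($data === false) {
            $this->error(404);
            return;
        }

        $this->view('header', $data);
        $this->view('apps/blog_post', $data);

        // NOTE(review): the request value is concatenated unencoded; what
        // comments() does with $ref is not visible here - confirm it is
        // encoded/escaped wherever it is emitted.
        $ref = 'blog/post?name=' . $name;
        $this->comments_controller->comments($data['post']['meta']['name'], $ref);

        $this->view('footer', $data);
    }

    /**
     * Renders a single writeup selected by $_GET['name'], followed by its
     * comment section.
     *
     * NOTE(review): protect() validates the resolved path, but the raw name
     * is what get_writeup() receives; how the model builds its own path is
     * not visible here - confirm it resolves the same file.
     */
    public function writeup(): void
    {
        $this->protect('writeup');
        parent::index();

        $name = $_GET['name'];
        $data = $this->blog_model->get_writeup($name);
        if ($data === false) {
            $this->error(404);
            return;
        }

        $this->view('header', $data);
        $this->view('apps/blog_writeup', $data);

        // NOTE(review): the request value is concatenated unencoded; what
        // comments() does with $ref is not visible here - confirm it is
        // encoded/escaped wherever it is emitted.
        $ref = 'blog/writeup?name=' . $name;
        $this->comments_controller->comments($data['post']['meta']['name'], $ref);

        $this->view('footer', $data);
    }

    /**
     * Emits the blog feed: sets an XML content type, renders the
     * 'apps/blog_rss' view with the model's get_data() result, then stops
     * the script.
     */
    public function rss(): void
    {
        $data = $this->blog_model->get_data();

        header('Content-Type: application/xml');
        $this->view('apps/blog_rss', $data);
        die();
    }
}
?>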