From 96bd62deba875004904bec5e5fa8a8218bdae8f8 Mon Sep 17 00:00:00 2001
From: Marc Stampfli
Date: Mon, 17 Mar 2014 20:30:55 +0100
Subject: [PATCH] Added support for subsites and index page

---
 pico_editor.php | 47 +++++++++++++++++++++++++++++++----------------
 1 file changed, 31 insertions(+), 16 deletions(-)

diff --git a/pico_editor.php b/pico_editor.php
index 01f1f2b..df0f085 100644
--- a/pico_editor.php
+++ b/pico_editor.php
@@ -106,24 +106,26 @@ private function do_new()
 'error' => $error
 )));
 }
-
- private function do_open()
- {
- if(!isset($_SESSION['pico_logged_in']) || !$_SESSION['pico_logged_in']) die(json_encode(array('error' => 'Error: Unathorized')));
- $file_url = isset($_POST['file']) && $_POST['file'] ? $_POST['file'] : '';
- $file = basename(strip_tags($file_url));
- if(!$file) die('Error: Invalid file');
-
- $file .= CONTENT_EXT;
- if(file_exists(CONTENT_DIR . $file)) die(file_get_contents(CONTENT_DIR . $file));
- else die('Error: Invalid file');
- }
+
+ private function do_open()
+ {
+ if(!isset($_SESSION['pico_logged_in']) || !$_SESSION['pico_logged_in']) die(json_encode(array('error' => 'Error: Unathorized')));
+ $file_url = isset($_POST['file']) && $_POST['file'] ? $_POST['file'] : '';
+ $file = $this->getFile($file_url);
+
+ if(!$file) die('Error: The file is invalid or not available.');
+
+ $file .= CONTENT_EXT;
+ if(file_exists(CONTENT_DIR . $file)) die(file_get_contents(CONTENT_DIR . $file));
+ else die('Error: Invalid file');
+ }
 
 private function do_save()
 {
 if(!isset($_SESSION['pico_logged_in']) || !$_SESSION['pico_logged_in']) die(json_encode(array('error' => 'Error: Unathorized')));
 $file_url = isset($_POST['file']) && $_POST['file'] ? $_POST['file'] : '';
- $file = basename(strip_tags($file_url));
+ $file = $this->getFile($file_url);
+
 if(!$file) die('Error: Invalid file');
 $content = isset($_POST['content']) && $_POST['content'] ? $_POST['content'] : '';
 if(!$content) die('Error: Invalid content');
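Review bot: `$file = $this->getFile($file_url)` in do_open drops the `basename()` that the removed line applied, so the value concatenated into `CONTENT_DIR . $file` on the `file_exists`/`file_get_contents` line may now contain `/` and `..` segments, and getFile (last hunk) only strips tags and one leading slash. Allowing subdirectories is the point of the commit, but nothing in the patch confines the resolved path to CONTENT_DIR, and do_save and do_delete in the next hunk receive the same value for their write and delete operations, whose bodies lie outside the hunks. For do_open, a containment check after the extension is appended closes this: `$base = realpath(CONTENT_DIR); $path = realpath(CONTENT_DIR . $file);` followed by `if($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) die('Error: Invalid file');`; for do_save, where the target may not exist yet, rejecting any `..` segment inside getFile (`if(in_array('..', explode('/', $file_url), true)) return '';`) is the simpler guard that covers all three callers. The new message `'Error: The file is invalid or not available.'` also differs from the `'Error: Invalid file'` that do_save and do_delete keep; one wording lets the client match on it.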
@@ -137,7 +139,8 @@ private function do_delete()
 {
 if(!isset($_SESSION['pico_logged_in']) || !$_SESSION['pico_logged_in']) die(json_encode(array('error' => 'Error: Unathorized')));
 $file_url = isset($_POST['file']) && $_POST['file'] ? $_POST['file'] : '';
- $file = basename(strip_tags($file_url));
+ $file = $this->getFile($file_url);
+
 if(!$file) die('Error: Invalid file');
 
 $file .= CONTENT_EXT;
@@ -167,8 +170,20 @@ private function slugify($text)
 }
 return $text;
- }
-
+ }
+
+ protected function getFile($file_url) {
+ // Check if index.md
+ if($file_url == "/") {
+ $file_url = 'index';
+ }
+
+ // Remove leading /
+ if (strpos($file_url, '/') === 0)
+ $file_url = substr($file_url, 1);
+
+ return strip_tags($file_url);
+ }
 }
 ?>
\ No newline at end of file
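Review bot: `protected function getFile($file_url) {` puts the opening brace on the same line and leaves the `strpos` branch without braces, while do_open, do_save and do_delete in the earlier hunks open their braces on the next line; the helper is also declared `protected` where the sibling handlers and slugify are `private`, so unless a subclass is planned `private` is the tighter choice. `if($file_url == "/")` is a loose comparison where `===` is what is meant, and the method has no docblock even though it now defines what counts as a valid file argument. Suggest `private function getFile($file_url)` with the brace on its own line, `if($file_url === '/')`, braces around `$file_url = substr($file_url, 1);`, and a docblock stating that the argument is a content-relative path, that `/` maps to `index`, and that the return value is concatenated directly with CONTENT_DIR by its three callers.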