blog.php
<?php
require_once __DIR__ . '/includes/head_common.php';
require_once __DIR__ . '/includes/markdown_utils.php';
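/**
 * Build the index of blog posts from the Markdown files in contenido/blog.
 *
 * The slug is the file name without its ".md" extension; the title is the
 * first line of the file with leading "#", spaces and tabs stripped.
 * File paths in the result come from glob() only, never from request data.
 *
 * NOTE(review): the ?post= handling in this page keeps only [a-zA-Z0-9_-],
 * so a file whose name contains other characters produces a slug that is
 * listed here but can never be matched by a request.
 *
 * @return array Map of slug => ['title' => string, 'file' => string], sorted by slug.
 */
function get_blog_posts() {
    $posts = [];
    // glob() returns false on error; treat that as "no posts" rather than
    // passing a non-array to foreach.
    $files = glob(__DIR__ . '/contenido/blog/*.md');
    if ($files === false) {
        return $posts;
    }
    foreach ($files as $file) {
        $lines = file($file);
        // file() yields false for an unreadable file and [] for an empty one.
        if (!$lines) {
            continue;
        }
        $title = trim(ltrim($lines[0], "# \t"));
        $slug = basename($file, '.md');
        $posts[$slug] = ['title' => $title, 'file' => $file];
    }
    ksort($posts);
    return $posts;
}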
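$posts = get_blog_posts();
$post_slug_raw = isset($_GET['post']) ? $_GET['post'] : null;
$post_slug = null;
// A request such as ?post[]=x makes $_GET['post'] an array. preg_replace()
// would then return an array, and using that as a key of $posts raises a
// TypeError on PHP 8 (a warning on older versions). Accept strings only.
if (is_string($post_slug_raw) && $post_slug_raw) {
    // Sanitise the slug: keep only alphanumerics, underscores and hyphens.
    // The slugs produced by basename() in get_blog_posts() come from the
    // filesystem, but the user-supplied value is sanitised for consistency
    // and so that it can only ever be used as a plain key of $posts.
    // The file that gets read is always $posts[$post_slug]['file'], so the
    // isset() lookup against $posts is what bounds which files can be served.
    $post_slug = preg_replace('/[^a-zA-Z0-9_-]/', '', $post_slug_raw);
    // Optional: a sanitised slug that differs from the raw value may indicate
    // tampering. If that is logged, log the sanitised or an encoded form,
    // because the raw parameter may contain newlines or control characters.
}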
?>
<!DOCTYPE html>
<html lang="es">
<head>
<title>Blog</title>
<link rel="stylesheet" href="/assets/css/custom.css">
</head>
<body class="alabaster-bg">
<?php require_once __DIR__.'/fragments/header.php'; ?>
<main class="container page-content-block">
<?php /* Single-post view: shown only when the sanitised slug is an existing key of $posts.
The file path read below comes from $posts (filled by glob() in get_blog_posts()), not from the request. */ if ($post_slug && isset($posts[$post_slug])): ?>
<article class="blog-post">
<h1><?php echo htmlspecialchars($posts[$post_slug]['title']); ?></h1>
<?php /* NOTE(review): the rendered Markdown is echoed without escaping; whether raw HTML inside
a post is neutralised depends on render_markdown(), which is not defined in this file - confirm. */ echo render_markdown(file_get_contents($posts[$post_slug]['file'])); ?>
<p><a href="blog.php">← Volver al listado</a></p>
</article>
<?php else: ?>
<h1>Blog</h1>
<ul class="blog-list">
<?php /* Index view: the slug is URL-encoded for the query string and the title is HTML-escaped. */ foreach ($posts as $slug => $info): ?>
<li><a href="blog.php?post=<?php echo urlencode($slug); ?>"><?php echo htmlspecialchars($info['title']); ?></a></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
</main>
<?php require_once __DIR__.'/fragments/footer.php'; ?>
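<?php if ($post_slug && isset($posts[$post_slug])): ?>
<script type="application/ld+json">
<?php
// Schema.org Article metadata for the post being displayed.
// The publication date is the file's modification time in ISO 8601 format.
$published = date('c', filemtime($posts[$post_slug]['file']));
$data = [
    '@context' => 'https://schema.org',
    '@type' => 'Article',
    'headline' => $posts[$post_slug]['title'],
    'datePublished' => $published,
    'author' => [
        '@type' => 'Organization',
        'name' => 'Condado de Castilla'
    ]
];
// The headline is the first line of a Markdown file and is written inside a
// <script> element. JSON_HEX_TAG and JSON_HEX_AMP emit "<", ">" and "&" as
// \u003C, \u003E and \u0026, so title text cannot form markup such as
// "<!--" or a closing script tag in the HTML parser. The decoded JSON value
// is unchanged.
echo json_encode(
    $data,
    JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT | JSON_HEX_TAG | JSON_HEX_AMP
);
?>
</script>
<?php endif; ?>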
</body>
</html>