ljr/local/htdocs/tools/embedcontent.bml

41 lines
1.2 KiB
Plaintext
Raw Permalink Normal View History

2019-02-05 21:49:12 +00:00
<?_code
{
use strict;
use vars qw(%GET %POST $title $headextra @errors @warnings);
use LJ::Auth;
use LJ::EmbedModule;
# this can only be accessed from the embed module subdomain
my $r = Apache->request;
my $host = $r->header_in("Host");
my $fwd_host = $r->header_in("X-Forwarded-Host");
$host = $fwd_host if $fwd_host;
$host =~ s/,.+//;
return "This page cannot be viewed from $host"
unless $host =~ /.*$LJ::EMBED_MODULE_DOMAIN$/i;
# we should have three GET params: journalid, moduleid, auth_token
my $journalid = $GET{journalid}+0 or return "No journalid specified";
my $moduleid = $GET{moduleid};
return "No module id specified" unless defined $moduleid;
$moduleid += 0;
my $preview = $GET{preview};
# check auth_token
return "Invalid auth string" unless
LJ::Auth->check_sessionless_auth_token('embedcontent', %GET);
# ok we're cool, return content
my $content = LJ::EmbedModule->module_content(
journalid => $journalid,
moduleid => $moduleid,
preview => $preview,
);
return qq {
<html><head></head><body style="background-color: transparent;">$content</body></html>
};
}
_code?>