Fix security issues from audit: gate partage fragments on share_active session, add CSRF to retry-email POST, remove dead App::verifyCsrf()

This commit is contained in:
Pontoporeia
2026-06-24 14:17:08 +02:00
parent 84869ad968
commit 0062b29678
4 changed files with 42 additions and 62 deletions

@@ -16,9 +16,9 @@
- [x] #build-cssfix Fix stray `}` syntax error in admin.css line 305 ✓
## Pending
- [ ] #sec-fragments-auth Gate partagé fragments on share_active session + CSRF `(partage/fragments/*.php, partage/index.php)`
- [ ] #sec-retry-csrf Add CSRF check to partage/retry-email.php POST
- [ ] #sec-cleanup-dead-code Remove dead App::verifyCsrf() or refactor action handlers to use it
- [x] #sec-fragments-auth Gate partagé fragments on share_active session (read-only fragment renderers — no CSRF needed) ✓
- [x] #sec-retry-csrf Add CSRF check to partage/retry-email.php POST
- [x] #sec-cleanup-dead-code Remove dead App::verifyCsrf() or refactor action handlers to use it
- [ ] #rep-student-touch Replace hover student popover with tap-to-open drawer for mobile `(repertoire.php, repertoire.css)`
- [ ] #rep-polish Polish: scroll-position memory on HTMX swap, animation tuning `(repertoire.css)`
- [ ] #icon-color-verify Verify icon colors render correctly across all pages (header, admin tables, forms, dialogs, cleanup modal)
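Review bot: The completed #sec-fragments-auth item narrows the scope the pending item carried ("share_active session + CSRF") to session gating only, on the grounds that the fragment renderers are read-only; that justification holds only if no file under partage/fragments/*.php changes state on a request (send, delete, toggle), so record that check, or a test that an unauthenticated request to a fragment is rejected by the share_active gate, next to the checked item. The commit message also says App::verifyCsrf() was removed, but the checked #sec-cleanup-dead-code line still reads "Remove ... or refactor action handlers to use it"; state which branch was taken. Minor: the #sec-retry-csrf and #sec-cleanup-dead-code lines lack the trailing ✓ the other completed items use.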