PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: escape apostrophe in FORM_HELP_LABELS string (Database.php:2005)

Browse Source
This commit is contained in:
Pontoporeia
2026-04-29 21:05:53 +02:00
parent d665cb502d
commit 0437ec8d15
8 changed files with 225 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
app/public/admin/actions/form-help.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
/**
* Save handler for form help blocks (student-facing explanatory text shown
* in the /partage share-link submission form).
*/
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
AdminAuth::requireLogin();
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
App::flash('error', 'Erreur de sécurité : token invalide.');
header('Location: /admin/contenus.php');
exit;
}
$key = $_POST['form_help_key'] ?? '';
$content = $_POST['content'] ?? '';
require_once APP_ROOT . '/src/Database.php';
$db = new Database();
if (!in_array($key, Database::FORM_HELP_KEYS, true)) {
App::flash('error', 'Clé de bloc invalide.');
header('Location: /admin/contenus.php');
exit;
}
try {
$db->setFormHelpBlock($key, $content);
App::flash('success', 'Bloc « ' . htmlspecialchars($key) . ' » mis à jour.');
} catch (Exception $e) {
error_log('form-help save error: ' . $e->getMessage());
App::flash('error', 'Erreur lors de la sauvegarde : ' . htmlspecialchars($e->getMessage()));
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
header('Location: /admin/contenus.php#form-help-blocks');
exit;