fix: escape apostrophe in FORM_HELP_LABELS string (Database.php:2005)

2026-05-06 19:19:19 +02:00 · 2026-04-29 21:05:53 +02:00
parent d665cb502d
commit 0437ec8d15
8 changed files with 225 additions and 5 deletions
--- a/app/templates/admin/contenus-edit.php
+++ b/app/templates/admin/contenus-edit.php
@@ -17,6 +17,23 @@
        </div>
    </form>

+    <?php elseif ($editType === 'form_help'): ?>
+    <p class="param-note">Ce texte est affiché dans le formulaire de soumission des étudiant·es (lien de partage). Supporte le Markdown.</p>
+    <form action="/admin/actions/form-help.php" method="post" class="admin-form">
+        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
+        <input type="hidden" name="form_help_key" value="<?= htmlspecialchars($formHelpKey) ?>">
+
+        <label for="editor">Contenu (Markdown) :</label>
+        <input type="hidden" id="content" name="content"
+               value="<?= htmlspecialchars($initialContent) ?>">
+        <div id="editor"></div>
+
+        <div class="admin-form-footer">
+            <button type="submit" class="admin-btn">Enregistrer</button>
+            <a href="/admin/contenus.php#form-help-blocks" class="admin-btn-secondary admin-cancel-link">Annuler</a>
+        </div>
+    </form>
+
    <?php else: ?>
    <?php
    $groups = is_array($value) ? $value : [];
--- a/app/templates/admin/contenus.php
+++ b/app/templates/admin/contenus.php
@@ -1,6 +1,17 @@
 <main id="main-content">
    <h1>Contenus</h1>

+    <?php
+    $flashSuccess = App::consumeFlash('success');
+    $flashError   = App::consumeFlash('error');
+    ?>
+    <?php if ($flashSuccess): ?>
+    <div class="flash-success" role="alert"><?= htmlspecialchars($flashSuccess) ?></div>
+    <?php endif; ?>
+    <?php if ($flashError): ?>
+    <div class="flash-error" role="alert"><?= htmlspecialchars($flashError) ?></div>
+    <?php endif; ?>
+
    <h2>Pages statiques</h2>

    <table>
@@ -58,4 +69,38 @@
            <?php endforeach; ?>
        </tbody>
    </table>
+
+    <h2 id="form-help-blocks" style="margin-top:2rem;">Blocs d'aide du formulaire étudiant·e</h2>
+    <p>Ces textes apparaissent dans le formulaire de soumission accessible via les liens de partage. Ils permettent d'expliquer aux étudiant·es comment remplir chaque section. Supporte le Markdown.</p>
+
+    <table>
+        <thead>
+            <tr>
+                <th scope="col">Bloc</th>
+                <th scope="col">Aperçu</th>
+                <th scope="col">Mis à jour</th>
+                <th scope="col">Action</th>
+            </tr>
+        </thead>
+        <tbody>
+            <?php foreach (Database::FORM_HELP_KEYS as $key): ?>
+            <?php
+                $block   = $formHelpBlocks[$key] ?? ['content' => '', 'updated_at' => null];
+                $label   = Database::FORM_HELP_LABELS[$key] ?? $key;
+                $preview = $block['content'] !== ''
+                    ? mb_strimwidth($block['content'], 0, 80, '…')
+                    : '<em class="muted">— vide —</em>';
+            ?>
+            <tr>
+                <td><?= htmlspecialchars($label) ?></td>
+                <td><small><?= $block['content'] !== '' ? htmlspecialchars($preview) : $preview ?></small></td>
+                <td><?= htmlspecialchars($block['updated_at'] ?? '—') ?></td>
+                <td>
+                    <a href="/admin/contenus-edit.php?form_block=<?= urlencode($key) ?>"
+                       class="admin-btn admin-btn--sm">Éditer</a>
+                </td>
+            </tr>
+            <?php endforeach; ?>
+        </tbody>
+    </table>
 </main>