PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 11:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: escape apostrophe in FORM_HELP_LABELS string (Database.php:2005)

Browse Source
This commit is contained in:
Pontoporeia
2026-04-29 21:05:53 +02:00
parent d665cb502d
commit 0437ec8d15
8 changed files with 225 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
TODO.md
View File

@@ -61,3 +61,7 @@
- [x] Add CSS: `.file-preview-list`, `.fp-item`, `.fp-thumb`, `.fp-icon`, `.fp-meta`, `.fp-name`, `.fp-size` - [x] Add CSS: `.file-preview-list`, `.fp-item`, `.fp-thumb`, `.fp-icon`, `.fp-meta`, `.fp-name`, `.fp-size`
- [x] Add CSS: `.recap-file-list`, `.recap-file-item`, `.recap-file-thumb`, `.recap-file-icon`, `.recap-file-meta`, `.recap-file-type-badge`, `.recap-file-date` - [x] Add CSS: `.recap-file-list`, `.recap-file-item`, `.recap-file-thumb`, `.recap-file-icon`, `.recap-file-meta`, `.recap-file-type-badge`, `.recap-file-date`
- [x] Add CSS: `.partage-recap`, `.recap-section`, `.recap-dl` for partage recap layout - [x] Add CSS: `.partage-recap`, `.recap-section`, `.recap-dl` for partage recap layout
## Bug Fixes (2026-04-29)
- [x] Fix parse error in `Database.php` line 2005 — escaped apostrophe in `d'introduction`

26
app/migrations/applied/004_add_form_help_blocks.sql Normal file
View File

@@ -0,0 +1,26 @@
-- Form help blocks: stores per-fieldset student-facing explanatory text
-- displayed in the /partage share-link submission form.
-- Each row is keyed by a stable slug matching TODO locations in partage/index.php.
CREATE TABLE IF NOT EXISTS form_help_blocks (
key TEXT PRIMARY KEY,
content TEXT NOT NULL DEFAULT '',
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
CREATE TRIGGER IF NOT EXISTS update_form_help_blocks_timestamp
AFTER UPDATE ON form_help_blocks
BEGIN
UPDATE form_help_blocks SET updated_at = CURRENT_TIMESTAMP WHERE key = NEW.key;
END;
-- Seed the eight block slots referenced in partage/index.php.
INSERT OR IGNORE INTO form_help_blocks (key, content) VALUES
('partage_intro', ''),
('fieldset_tfe_info', ''),
('fieldset_synopsis', ''),
('fieldset_jury', ''),
('fieldset_academic', ''),
('fieldset_files', ''),
('fieldset_access', ''),
('fieldset_email', '');

39
app/public/admin/actions/form-help.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
/**
* Save handler for form help blocks (student-facing explanatory text shown
* in the /partage share-link submission form).
*/
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
AdminAuth::requireLogin();
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
App::flash('error', 'Erreur de sécurité : token invalide.');
header('Location: /admin/contenus.php');
exit;
}
$key = $_POST['form_help_key'] ?? '';
$content = $_POST['content'] ?? '';
require_once APP_ROOT . '/src/Database.php';
$db = new Database();
if (!in_array($key, Database::FORM_HELP_KEYS, true)) {
App::flash('error', 'Clé de bloc invalide.');
header('Location: /admin/contenus.php');
exit;
}
try {
$db->setFormHelpBlock($key, $content);
App::flash('success', 'Bloc « ' . htmlspecialchars($key) . ' » mis à jour.');
} catch (Exception $e) {
error_log('form-help save error: ' . $e->getMessage());
App::flash('error', 'Erreur lors de la sauvegarde : ' . htmlspecialchars($e->getMessage()));
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
header('Location: /admin/contenus.php#form-help-blocks');
exit;

16
app/public/admin/contenus-edit.php
View File

@@ -12,8 +12,9 @@ if (empty($_SESSION["csrf_token"])) {
$allowedPageSlugs = ["about", "licenses", "charte"]; $allowedPageSlugs = ["about", "licenses", "charte"];
$allowedApropos = ["contacts", "credits"]; $allowedApropos = ["contacts", "credits"];
$pageSlug = $_GET["slug"] ?? ""; $pageSlug = $_GET["slug"] ?? "";
$aproposKey = $_GET["apropos"] ?? ""; $aproposKey = $_GET["apropos"] ?? "";
$formHelpKey = $_GET["form_block"] ?? "";
if ($pageSlug && !in_array($pageSlug, $allowedPageSlugs)) { if ($pageSlug && !in_array($pageSlug, $allowedPageSlugs)) {
$pageSlug = ""; $pageSlug = "";
@@ -21,8 +22,11 @@ if ($pageSlug && !in_array($pageSlug, $allowedPageSlugs)) {
if ($aproposKey && !in_array($aproposKey, $allowedApropos)) { if ($aproposKey && !in_array($aproposKey, $allowedApropos)) {
$aproposKey = ""; $aproposKey = "";
} }
if ($formHelpKey && !in_array($formHelpKey, Database::FORM_HELP_KEYS, true)) {
$formHelpKey = "";
}
if (!$pageSlug && !$aproposKey) { if (!$pageSlug && !$aproposKey && !$formHelpKey) {
header("Location: /admin/contenus.php"); header("Location: /admin/contenus.php");
exit(); exit();
} }
@@ -37,6 +41,10 @@ try {
} }
$editTitle = $page["title"]; $editTitle = $page["title"];
$editType = "page"; $editType = "page";
} elseif ($formHelpKey) {
$editType = "form_help";
$formHelpContent = $db->getFormHelpBlock($formHelpKey);
$editTitle = Database::FORM_HELP_LABELS[$formHelpKey] ?? $formHelpKey;
} else { } else {
$editType = "apropos"; $editType = "apropos";
$value = $db->getAproposContent($aproposKey); $value = $db->getAproposContent($aproposKey);
@@ -65,6 +73,8 @@ JS;
$initialContent = ''; $initialContent = '';
if ($editType === 'page') { if ($editType === 'page') {
$initialContent = $page["content"] ?? ""; $initialContent = $page["content"] ?? "";
} elseif ($editType === 'form_help') {
$initialContent = $formHelpContent;
} }
$isAdmin = true; $isAdmin = true;

9
app/public/admin/contenus.php
View File

@@ -6,10 +6,15 @@ require_once __DIR__ . '/../../src/Database.php';
$pageTitle = "Contenus"; $pageTitle = "Contenus";
if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
try { try {
$db = new Database(); $db = new Database();
$pages = $db->getAllPages(); $pages = $db->getAllPages();
$aproposKeys = $db->getAllAproposContents(); $aproposKeys = $db->getAllAproposContents();
$formHelpBlocks = $db->getAllFormHelpBlocks();
} catch (Exception $e) { } catch (Exception $e) {
error_log("Error loading contenus: " . $e->getMessage()); error_log("Error loading contenus: " . $e->getMessage());
die("Erreur lors du chargement des contenus."); die("Erreur lors du chargement des contenus.");

74
app/src/Database.php
View File

@@ -1979,6 +1979,80 @@ class Database {
return $stmt->fetchAll(); return $stmt->fetchAll();
} }
// ========================================================================
// FORM HELP BLOCKS
// ========================================================================
/**
* Known form help block keys (mirrors the seeded rows in migration 004).
*/
public const FORM_HELP_KEYS = [
'partage_intro',
'fieldset_tfe_info',
'fieldset_synopsis',
'fieldset_jury',
'fieldset_academic',
'fieldset_files',
'fieldset_access',
'fieldset_email',
];
/**
* Human-readable labels for each block key (used in the admin UI).
*/
public const FORM_HELP_LABELS = [
'partage_intro' => 'Introduction du formulaire',
'fieldset_tfe_info' => 'Informations du TFE — note d\'introduction',
'fieldset_synopsis' => 'Synopsis — explication',
'fieldset_jury' => 'Composition du jury — note',
'fieldset_academic' => 'Cadre académique — note',
'fieldset_files' => 'Fichiers — note',
'fieldset_access' => 'Visibilité / Accès — explication',
'fieldset_email' => 'E-mail de confirmation — note',
];
/**
* Get a single form help block by key. Returns '' when missing.
*/
public function getFormHelpBlock(string $key): string {
$stmt = $this->pdo->prepare(
"SELECT content FROM form_help_blocks WHERE key = ? LIMIT 1"
);
$stmt->execute([$key]);
$val = $stmt->fetchColumn();
return ($val !== false) ? (string)$val : '';
}
/**
* Upsert a form help block.
*/
public function setFormHelpBlock(string $key, string $content): void {
if (!in_array($key, self::FORM_HELP_KEYS, true)) {
throw new Exception("Unknown form help block key: $key");
}
$this->pdo->prepare(
"INSERT INTO form_help_blocks (key, content, updated_at)
VALUES (?, ?, CURRENT_TIMESTAMP)
ON CONFLICT(key) DO UPDATE SET content = excluded.content,
updated_at = CURRENT_TIMESTAMP"
)->execute([$key, $content]);
}
/**
* Return all form help blocks as [ key => ['content' => ..., 'updated_at' => ...] ].
*/
public function getAllFormHelpBlocks(): array {
$stmt = $this->pdo->query(
"SELECT key, content, updated_at FROM form_help_blocks ORDER BY key"
);
$rows = $stmt->fetchAll();
$out = [];
foreach ($rows as $r) {
$out[$r['key']] = ['content' => $r['content'], 'updated_at' => $r['updated_at']];
}
return $out;
}
// ======================================================================== // ========================================================================
// SINGLETON PATTERN ENFORCEMENT // SINGLETON PATTERN ENFORCEMENT
// ======================================================================== // ========================================================================

17
app/templates/admin/contenus-edit.php
View File

@@ -17,6 +17,23 @@
</div> </div>
</form> </form>
<?php elseif ($editType === 'form_help'): ?>
<p class="param-note">Ce texte est affiché dans le formulaire de soumission des étudiant·es (lien de partage). Supporte le Markdown.</p>
<form action="/admin/actions/form-help.php" method="post" class="admin-form">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="form_help_key" value="<?= htmlspecialchars($formHelpKey) ?>">
<label for="editor">Contenu (Markdown) :</label>
<input type="hidden" id="content" name="content"
value="<?= htmlspecialchars($initialContent) ?>">
<div id="editor"></div>
<div class="admin-form-footer">
<button type="submit" class="admin-btn">Enregistrer</button>
<a href="/admin/contenus.php#form-help-blocks" class="admin-btn-secondary admin-cancel-link">Annuler</a>
</div>
</form>
<?php else: ?> <?php else: ?>
<?php <?php
$groups = is_array($value) ? $value : []; $groups = is_array($value) ? $value : [];

45
app/templates/admin/contenus.php
View File

@@ -1,6 +1,17 @@
<main id="main-content"> <main id="main-content">
<h1>Contenus</h1> <h1>Contenus</h1>
<?php
$flashSuccess = App::consumeFlash('success');
$flashError = App::consumeFlash('error');
?>
<?php if ($flashSuccess): ?>
<div class="flash-success" role="alert"><?= htmlspecialchars($flashSuccess) ?></div>
<?php endif; ?>
<?php if ($flashError): ?>
<div class="flash-error" role="alert"><?= htmlspecialchars($flashError) ?></div>
<?php endif; ?>
<h2>Pages statiques</h2> <h2>Pages statiques</h2>
<table> <table>
@@ -58,4 +69,38 @@
<?php endforeach; ?> <?php endforeach; ?>
</tbody> </tbody>
</table> </table>
<h2 id="form-help-blocks" style="margin-top:2rem;">Blocs d'aide du formulaire étudiant·e</h2>
<p>Ces textes apparaissent dans le formulaire de soumission accessible via les liens de partage. Ils permettent d'expliquer aux étudiant·es comment remplir chaque section. Supporte le Markdown.</p>
<table>
<thead>
<tr>
<th scope="col">Bloc</th>
<th scope="col">Aperçu</th>
<th scope="col">Mis à jour</th>
<th scope="col">Action</th>
</tr>
</thead>
<tbody>
<?php foreach (Database::FORM_HELP_KEYS as $key): ?>
<?php
$block = $formHelpBlocks[$key] ?? ['content' => '', 'updated_at' => null];
$label = Database::FORM_HELP_LABELS[$key] ?? $key;
$preview = $block['content'] !== ''
? mb_strimwidth($block['content'], 0, 80, '…')
: '<em class="muted">— vide —</em>';
?>
<tr>
<td><?= htmlspecialchars($label) ?></td>
<td><small><?= $block['content'] !== '' ? htmlspecialchars($preview) : $preview ?></small></td>
<td><?= htmlspecialchars($block['updated_at'] ?? '—') ?></td>
<td>
<a href="/admin/contenus-edit.php?form_block=<?= urlencode($key) ?>"
class="admin-btn admin-btn--sm">Éditer</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</main> </main>