mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-07 03:29:19 +02:00
fix: allow isAuthenticated() bypass in development mode
This commit is contained in:
Pontoporeia
@@ -1,6 +1,7 @@
|
||||
<?php
|
||||
/**
|
||||
* Save handler for apropos contents (contacts, credits, erg_url).
|
||||
* Save handler for apropos contents (contacts, credits).
|
||||
* Structure: groups[] with label/role, each having entries[] of {text, url, email}.
|
||||
*/
|
||||
require_once __DIR__ . "/../../../config/bootstrap.php";
|
||||
require_once __DIR__ . '/../../../src/AdminAuth.php';
|
||||
@@ -12,7 +13,7 @@ if (!isset($_POST['csrf_token']) || !isset($_SESSION['csrf_token']) ||
|
||||
die("Erreur de sécurité : token invalide.");
|
||||
}
|
||||
|
||||
$allowedKeys = ['contacts', 'credits', 'erg_url'];
|
||||
$allowedKeys = ['contacts', 'credits'];
|
||||
$aproposKey = $_POST['apropos_key'] ?? '';
|
||||
if (!in_array($aproposKey, $allowedKeys)) {
|
||||
die("Clé invalide.");
|
||||
@@ -22,51 +23,49 @@ require_once __DIR__ . '/../../../src/Database.php';
|
||||
|
||||
try {
|
||||
$db = new Database();
|
||||
$groups = $_POST['groups'] ?? [];
|
||||
$cleaned = [];
|
||||
|
||||
if ($aproposKey === 'erg_url') {
|
||||
$value = trim($_POST['value'] ?? '');
|
||||
if (strlen($value) > 500) {
|
||||
die("URL trop longue (max 500 caractères).");
|
||||
}
|
||||
$db->saveAproposContent('erg_url', $value);
|
||||
} else {
|
||||
$items = $_POST['items'] ?? [];
|
||||
$cleaned = [];
|
||||
foreach ($items as $item) {
|
||||
if ($aproposKey === 'contacts') {
|
||||
$name = trim($item['name'] ?? '');
|
||||
if ($name === '') continue; // skip empty rows
|
||||
$entry = [
|
||||
'name' => trim($item['name'] ?? ''),
|
||||
'role' => trim($item['role'] ?? ''),
|
||||
'email' => trim($item['email'] ?? ''),
|
||||
];
|
||||
$url = trim($item['url'] ?? '');
|
||||
if ($url !== '') {
|
||||
$entry['url'] = $url;
|
||||
}
|
||||
$cleaned[] = $entry;
|
||||
} else { // credits
|
||||
$label = trim($item['label'] ?? '');
|
||||
$val = trim($item['value'] ?? '');
|
||||
$url = trim($item['url'] ?? '');
|
||||
if ($label === '' && $val === '') continue;
|
||||
$entry = [
|
||||
'label' => $label,
|
||||
'value' => $val,
|
||||
];
|
||||
if ($url !== '') {
|
||||
$entry['url'] = $url;
|
||||
}
|
||||
$cleaned[] = $entry;
|
||||
foreach ($groups as $group) {
|
||||
if ($aproposKey === 'credits') {
|
||||
$label = trim($group['label'] ?? '');
|
||||
if ($label === '') continue;
|
||||
$entries = [];
|
||||
foreach ($group['entries'] ?? [] as $entry) {
|
||||
$text = trim($entry['text'] ?? '');
|
||||
if ($text === '') continue;
|
||||
$e = ['text' => $text];
|
||||
$url = trim($entry['url'] ?? '');
|
||||
if ($url !== '') $e['url'] = $url;
|
||||
$entries[] = $e;
|
||||
}
|
||||
if (empty($entries)) continue;
|
||||
$cleaned[] = ['label' => $label, 'entries' => $entries];
|
||||
} else { // contacts
|
||||
$role = trim($group['role'] ?? '');
|
||||
if ($role === '') continue;
|
||||
$entries = [];
|
||||
foreach ($group['entries'] ?? [] as $entry) {
|
||||
$text = trim($entry['text'] ?? '');
|
||||
if ($text === '') continue;
|
||||
$e = [
|
||||
'text' => $text,
|
||||
'email' => trim($entry['email'] ?? ''),
|
||||
];
|
||||
$url = trim($entry['url'] ?? '');
|
||||
if ($url !== '') $e['url'] = $url;
|
||||
$entries[] = $e;
|
||||
}
|
||||
if (empty($entries)) continue;
|
||||
$cleaned[] = ['role' => $role, 'entries' => $entries];
|
||||
}
|
||||
if (empty($cleaned)) {
|
||||
die("Au moins un élément est requis.");
|
||||
}
|
||||
$db->saveAproposContent($aproposKey, $cleaned);
|
||||
}
|
||||
|
||||
if (empty($cleaned)) {
|
||||
die("Au moins un groupe avec des entrées est requis.");
|
||||
}
|
||||
|
||||
$db->saveAproposContent($aproposKey, $cleaned);
|
||||
App::flash('success', "Contenu « $aproposKey » mis à jour avec succès.");
|
||||
} catch (Exception $e) {
|
||||
error_log("Apropos save error: " . $e->getMessage());
|
||||
|
||||
Reference in New Issue
Block a user