fix: allow isAuthenticated() bypass in development mode

This commit is contained in:
Pontoporeia
2026-04-16 14:33:53 +02:00
parent bf30aab0b3
commit 05002ccee4
9 changed files with 275 additions and 171 deletions


@@ -10,7 +10,7 @@ if (empty($_SESSION["csrf_token"])) {
}
$allowedPageSlugs = ["about", "licenses", "charte"];
$allowedApropos = ["contacts", "credits", "erg_url"];
$allowedApropos = ["contacts", "credits"];
$pageSlug = $_GET["slug"] ?? "";
$aproposKey = $_GET["apropos"] ?? "";
@@ -44,7 +44,6 @@ try {
$editTitle = match($aproposKey) {
'contacts' => 'Contacts',
'credits' => 'Crédits',
'erg_url' => 'URL de l\'ERG',
};
}
} catch (Exception $e) {
@@ -104,126 +103,127 @@ require_once APP_ROOT . "/templates/head.php";
</div>
</form>
<?php elseif ($aproposKey === 'erg_url'): ?>
<form action="/admin/actions/apropos.php" method="post" class="admin-form">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION["csrf_token"]) ?>">
<input type="hidden" name="apropos_key" value="erg_url">
<label for="erg_url">URL du site de l'ERG :</label>
<input type="url" id="erg_url" name="value"
value="<?= htmlspecialchars($value) ?>" style="width:100%;max-width:600px;">
<div class="admin-form-footer">
<button type="submit" class="admin-btn">Enregistrer</button>
<a href="/admin/contenus.php" class="admin-btn-secondary admin-cancel-link">Annuler</a>
</div>
</form>
<?php elseif (in_array($aproposKey, ['contacts', 'credits'])): ?>
<?php else: ?>
<?php
$items = is_array($value) ? $value : [];
$groups = is_array($value) ? $value : [];
?>
<form action="/admin/actions/apropos.php" method="post" class="admin-form" id="apropos-form">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION["csrf_token"]) ?>">
<input type="hidden" name="apropos_key" value="<?= htmlspecialchars($aproposKey) ?>">
<?php if ($aproposKey === 'contacts'): ?>
<?php foreach ($items as $i => $item): ?>
<fieldset class="apropos-item">
<legend>Contact <?= $i + 1 ?></legend>
<label for="contact_<?= $i ?>_name">Nom :</label>
<input type="text" id="contact_<?= $i ?>_name"
name="items[<?= $i ?>][name]"
value="<?= htmlspecialchars($item['name'] ?? '') ?>" required>
<?php foreach ($groups as $gi => $group): ?>
<fieldset class="apropos-group">
<legend><?= htmlspecialchars($aproposKey === 'contacts' ? 'Contact' : 'Crédit') ?> <?= $gi + 1 ?></legend>
<?php if ($aproposKey === 'contacts'): ?>
<label for="group_<?= $gi ?>_role">Rôle :</label>
<input type="text" id="group_<?= $gi ?>_role"
name="groups[<?= $gi ?>][role]"
value="<?= htmlspecialchars($group['role'] ?? '') ?>">
<?php else: ?>
<label for="group_<?= $gi ?>_label">Label :</label>
<input type="text" id="group_<?= $gi ?>_label"
name="groups[<?= $gi ?>][label]"
value="<?= htmlspecialchars($group['label'] ?? '') ?>">
<?php endif; ?>
<label for="contact_<?= $i ?>_role">Rôle :</label>
<input type="text" id="contact_<?= $i ?>_role"
name="items[<?= $i ?>][role]"
value="<?= htmlspecialchars($item['role'] ?? '') ?>">
<label for="contact_<?= $i ?>_email">Email :</label>
<input type="email" id="contact_<?= $i ?>_email"
name="items[<?= $i ?>][email]"
value="<?= htmlspecialchars($item['email'] ?? '') ?>">
<label for="contact_<?= $i ?>_url">Lien (optionnel) :</label>
<input type="url" id="contact_<?= $i ?>_url"
name="items[<?= $i ?>][url]"
value="<?= htmlspecialchars($item['url'] ?? '') ?>">
</fieldset>
<?php $entries = is_array($group['entries'] ?? null) ? $group['entries'] : []; ?>
<?php foreach ($entries as $ei => $entry): ?>
<div class="apropos-entry">
<label for="entry_<?= $gi ?>_<?= $ei ?>_text"><?= $aproposKey === 'contacts' ? 'Nom' : 'Texte' ?> :</label>
<input type="text" id="entry_<?= $gi ?>_<?= $ei ?>_text"
name="groups[<?= $gi ?>][entries][<?= $ei ?>][text]"
value="<?= htmlspecialchars($entry['text'] ?? '') ?>">
<?php if ($aproposKey === 'contacts'): ?>
<label for="entry_<?= $gi ?>_<?= $ei ?>_email">Email :</label>
<input type="email" id="entry_<?= $gi ?>_<?= $ei ?>_email"
name="groups[<?= $gi ?>][entries][<?= $ei ?>][email]"
value="<?= htmlspecialchars($entry['email'] ?? '') ?>">
<?php endif; ?>
<label for="entry_<?= $gi ?>_<?= $ei ?>_url">Lien (optionnel) :</label>
<input type="url" id="entry_<?= $gi ?>_<?= $ei ?>_url"
name="groups[<?= $gi ?>][entries][<?= $ei ?>][url]"
value="<?= htmlspecialchars($entry['url'] ?? '') ?>">
</div>
<?php endforeach; ?>
<?php else: ?>
<?php foreach ($items as $i => $item): ?>
<fieldset class="apropos-item">
<legend>Crédit <?= $i + 1 ?></legend>
<label for="credit_<?= $i ?>_label">Label :</label>
<input type="text" id="credit_<?= $i ?>_label"
name="items[<?= $i ?>][label]"
value="<?= htmlspecialchars($item['label'] ?? '') ?>">
<button type="button" class="admin-btn admin-btn--sm add-entry-btn" data-group="<?= $gi ?>">+ Ajouter une entrée</button>
</fieldset>
<?php endforeach; ?>
<label for="credit_<?= $i ?>_value">Valeur :</label>
<input type="text" id="credit_<?= $i ?>_value"
name="items[<?= $i ?>][value]"
value="<?= htmlspecialchars($item['value'] ?? '') ?>">
<label for="credit_<?= $i ?>_url">Lien (optionnel) :</label>
<input type="url" id="credit_<?= $i ?>_url"
name="items[<?= $i ?>][url]"
value="<?= htmlspecialchars($item['url'] ?? '') ?>">
</fieldset>
<?php endforeach; ?>
<?php endif; ?>
<button type="button" class="admin-btn" id="add-item-btn" style="width:auto;">+ Ajouter un élément</button>
<button type="button" class="admin-btn" id="add-group-btn">+ Ajouter un <?= $aproposKey === 'contacts' ? 'contact' : 'groupe de crédit' ?></button>
<div class="admin-form-footer">
<button type="submit" class="admin-btn">Enregistrer</button>
<a href="/admin/contenus.php" class="admin-btn-secondary admin-cancel-link">Annuler</a>
</div>
<template id="row-template-<?= $aproposKey ?>">
<?php if ($aproposKey === 'contacts'): ?>
<fieldset class="apropos-item">
<legend>Contact {{index}}</legend>
<label for="contact_{{index}}_name">Nom :</label>
<input type="text" id="contact_{{index}}_name"
name="items[{{index}}][name]" required>
<label for="contact_{{index}}_role">Rôle :</label>
<input type="text" id="contact_{{index}}_role"
name="items[{{index}}][role]">
<label for="contact_{{index}}_email">Email :</label>
<input type="email" id="contact_{{index}}_email"
name="items[{{index}}][email]">
<label for="contact_{{index}}_url">Lien (optionnel) :</label>
<input type="url" id="contact_{{index}}_url"
name="items[{{index}}][url]">
<template id="entry-template-<?= $aproposKey ?>">
<div class="apropos-entry">
<label>Entrée :</label>
<input type="text" name="groups[{{gi}}][entries][{{ei}}][text]">
<?php if ($aproposKey === 'contacts'): ?>
<label>Email :</label>
<input type="email" name="groups[{{gi}}][entries][{{ei}}][email]">
<?php endif; ?>
<label>Lien (optionnel) :</label>
<input type="url" name="groups[{{gi}}][entries][{{ei}}][url]">
</div>
</template>
<template id="group-template-<?= $aproposKey ?>">
<fieldset class="apropos-group">
<legend><?= htmlspecialchars($aproposKey === 'contacts' ? 'Contact' : 'Crédit') ?> {{gi}}</legend>
<?php if ($aproposKey === 'contacts'): ?>
<label>Rôle :</label>
<input type="text" name="groups[{{gi}}][role]">
<?php else: ?>
<label>Label :</label>
<input type="text" name="groups[{{gi}}][label]">
<?php endif; ?>
<button type="button" class="admin-btn admin-btn--sm add-entry-btn" data-group="{{gi}}">+ Ajouter une entrée</button>
</fieldset>
<?php else: ?>
<fieldset class="apropos-item">
<legend>Crédit {{index}}</legend>
<label for="credit_{{index}}_label">Label :</label>
<input type="text" id="credit_{{index}}_label"
name="items[{{index}}][label]">
<label for="credit_{{index}}_value">Valeur :</label>
<input type="text" id="credit_{{index}}_value"
name="items[{{index}}][value]">
<label for="credit_{{index}}_url">Lien (optionnel) :</label>
<input type="url" id="credit_{{index}}_url"
name="items[{{index}}][url]">
</fieldset>
<?php endif; ?>
</template>
</form>
<script>
(function() {
let count = <?= count($items) ?>;
const tpl = document.getElementById('row-template-<?= $aproposKey ?>').innerHTML;
document.getElementById('add-item-btn').addEventListener('click', function() {
count++;
const html = tpl.replaceAll('{{index}}', count);
const aproposKey = '<?= $aproposKey ?>';
let groupCount = <?= count($groups) ?>;
const entryTpl = document.getElementById('entry-template-' + aproposKey).innerHTML;
const groupTpl = document.getElementById('group-template-' + aproposKey).innerHTML;
// Add entry to a group
document.querySelectorAll('.add-entry-btn').forEach(btn => {
btn.addEventListener('click', function() {
const gi = parseInt(this.dataset.group);
const fieldset = this.closest('fieldset');
const entryCount = fieldset.querySelectorAll('.apropos-entry').length;
const html = entryTpl.replaceAll('{{gi}}', gi).replaceAll('{{ei}}', entryCount);
this.insertAdjacentHTML('beforebegin', html);
});
});
// Add new group
document.getElementById('add-group-btn').addEventListener('click', function() {
groupCount++;
const html = groupTpl.replaceAll('{{gi}}', groupCount);
this.insertAdjacentHTML('beforebegin', html);
// Re-bind add-entry buttons for the new group
const newGroup = this.previousElementSibling;
if (newGroup && newGroup.classList.contains('apropos-group')) {
const btn = newGroup.querySelector('.add-entry-btn');
if (btn) {
btn.dataset.group = groupCount;
btn.addEventListener('click', function() {
const gi = parseInt(this.dataset.group);
const fieldset = this.closest('fieldset');
const entryCount = fieldset.querySelectorAll('.apropos-entry').length;
const html = entryTpl.replaceAll('{{gi}}', gi).replaceAll('{{ei}}', entryCount);
this.insertAdjacentHTML('beforebegin', html);
});
}
}
});
})();
</script>
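Review bot: `$aproposKey` is interpolated unescaped into the new JS string literal `const aproposKey = '<?= $aproposKey ?>';` and into the `id` attributes of the new `entry-template-…` and `group-template-…` elements, while the same value is passed through `htmlspecialchars()` a few lines earlier in the hidden `apropos_key` input. The allow-list near the top of the file appears to constrain the value, so this reads as a consistency and defense-in-depth point rather than an exploitable injection, but the escaping should still be uniform: `const aproposKey = <?= json_encode($aproposKey, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;` for the script and `id="group-template-<?= htmlspecialchars($aproposKey) ?>"` (likewise for the entry template) for the attributes. Separately, the add-entry click handler is written out twice, once in the initial `querySelectorAll('.add-entry-btn')` loop and once inside the add-group handler for the freshly inserted fieldset, and both copies call `parseInt` without a radix. A small `bindAddEntry(btn)` helper used from both places removes the duplication and keeps the two code paths from drifting, as sketched below.
```php
const aproposKey = <?= json_encode($aproposKey, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;
// … unchanged: groupCount, entryTpl, groupTpl …
// Attach the "add entry" behaviour to one button; used for initial and dynamically added groups.
function bindAddEntry(btn) {
  btn.addEventListener('click', function() {
    const gi = Number.parseInt(this.dataset.group, 10);
    const fieldset = this.closest('fieldset');
    const entryCount = fieldset.querySelectorAll('.apropos-entry').length;
    const html = entryTpl.replaceAll('{{gi}}', gi).replaceAll('{{ei}}', entryCount);
    this.insertAdjacentHTML('beforebegin', html);
  });
}
document.querySelectorAll('.add-entry-btn').forEach(bindAddEntry);
// … unchanged: add-group-btn click handler up to the `if (btn)` check …
btn.dataset.group = groupCount;
bindAddEntry(btn);
```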