Refactor apropos/charte/licence pages: shared layout, TOC anchors, and UI polish

Unify the three public pages (à propos, charte, licence) onto a single
grid layout (.page-content) with sticky TOC sidebar, replacing the old
separate  /  /  markup.

- Merge about.php, charte.php, licence.php templates into shared
  .page-content / .content-section structure
- Add CommonMark HeadingPermalinkExtension for stable heading anchors
- Use SlugNormalizer for TOC links so they match rendered heading IDs
- Standardize link styling across content blocks: bold black, accent on
  hover (consistent with global link style)
- Fix code block wrapping: use pre-wrap instead of pre, constrain grid
  columns with min-width:0, auto scrollbar
- Fix apropos page grid placement: force content-section into column 2
  so contacts and credits stay in the content area, not the sidebar

Also includes accumulated WIP changes:
- Header gradient: hardcoded purple-to-green (replaces CSS variables)
- Search placeholder font
- Duration field: replace minutes/sec/heures with h:m:s time inputs
- TFE file optional for formats 1,4,6 with client-side JS toggle
- Licence form: em-dash to hyphen, details/summary classes
- Pill search: block Enter key form submission when no results
- Draft autosave: remove CSRF rotation (broke concurrent FilePond uploads)
- Language pill: clear hints for excluded main languages
- Search results: gradient placeholder cards for items without covers
- TFE display: format durée values as XhYm instead of decimal
Pontoporeia
2026-06-15 16:35:17 +02:00
parent 928e074d24
commit 19bf9f101a
27 changed files with 636 additions and 342 deletions

@@ -81,13 +81,17 @@ foreach ($_POST as $key => $value) {
$_SESSION[$draftKey] = $draft;
// Rotate CSRF after mutation
$newToken = bin2hex(random_bytes(32));
$_SESSION['csrf_token'] = $newToken;
// NOTE: Do NOT rotate the CSRF token here.
// Rotating it breaks concurrent requests:
// 1. FilePond uploads in flight use the old token (from <meta name="csrf-token">)
// and fail when the server session already has the new token.
// 2. Overlapping autosave requests hit CSRF mismatch.
// 3. HTMX fragment requests (pill-search, language-autre) can't use the old token.
// The CSRF token already rotates on page load and form submit — that's sufficient.
// Autosave is a background persistence mechanism and does not need token rotation.
header('Content-Type: application/json');
echo json_encode([
'success' => true,
'csrf_token' => $newToken,
'success' => true,
]);
exit;
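
Review bot: The JSON response at the end of this hunk no longer carries `csrf_token`, so any autosave client code that copies that field from the response into `<meta name="csrf-token">` will now overwrite a valid token with an undefined value. That handler should be removed or guarded in the same commit. The new NOTE also relies on the token still being validated for autosave requests, but the check is not visible in these lines; please confirm the handler compares the submitted token against `$_SESSION['csrf_token']` (with `hash_equals`) before `$_SESSION[$draftKey] = $draft;` runs, since after this change the session-lifetime token is the only CSRF protection on this endpoint. The eight-line comment could be cut to two or three lines, with the rationale left to the commit message.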