PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: add missing csrf_token to htmx checkbox in file access restrictions

Browse Source 
The 'Activer la restriction d'accès' checkbox in /admin/acces.php used
htmx to POST to settings.php but the #fieldset-restrictions container
was missing a csrf_token hidden input. This caused two bugs:
1. 'Erreur de sécurité, token invalide' error
2. Full /admin/parametres.php HTML injected into #restrictions-response
   (due to HTMX following the 302 redirect on CSRF failure)
This commit is contained in:
Pontoporeia
2026-06-08 11:22:31 +02:00
parent 3f200dae70
commit 24b753a992
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/templates/admin/acces.php
View File

@@ -338,6 +338,7 @@
hx-target="#restrictions-response"
hx-swap="innerHTML"
hx-include="#fieldset-restrictions">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<input type="hidden" name="section" value="formulaire_restrictions">
<strong>Activer la restriction d'accès</strong><br>
<small style="max-width:42ch;">Pour les TFE de type "Interne", masquer les fichiers et exiger une demande d'accès par email. Les métadonnées et résumés restent publics.</small>