diff --git a/TODO.md b/TODO.md index 1f51d93..dae1728 100644 --- a/TODO.md +++ b/TODO.md @@ -1,5 +1,12 @@ # TODO +## Dev / Debug Fixes + +- [x] Fix `serve` recipe: show all PHP output (errors, logs) except static assets noise +- [x] Fix `error_log` path in `formulaire.php` (was relative, now absolute) +- [x] Fix CSRF debug: log both tokens on mismatch +- [x] Fix undefined `$redirect` on success path in `formulaire.php` + ## File Display in Forms & Recaps - [x] Add live file preview to `file-field.php` partial (`data-preview` attribute + `.file-preview-list` container) diff --git a/app/public/admin/actions/formulaire.php b/app/public/admin/actions/formulaire.php index c09e9e5..3d1a9c7 100644 --- a/app/public/admin/actions/formulaire.php +++ b/app/public/admin/actions/formulaire.php @@ -5,14 +5,18 @@ require_once __DIR__ . '/../../../src/AdminAuth.php'; ini_set('display_errors', 0); ini_set('log_errors', 1); -ini_set('error_log', 'error.log'); +ini_set('error_log', APP_ROOT . '/../error.log'); AdminAuth::requireLogin(); // Verify CSRF token if (!isset($_POST['csrf_token'], $_SESSION['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) { - error_log('CSRF token validation failed in formulaire.php'); + error_log(sprintf( + 'CSRF token validation failed in formulaire.php — POST token: %s, SESSION token: %s', + $_POST['csrf_token'] ?? '(missing)', + $_SESSION['csrf_token'] ?? '(missing)' + )); die('Erreur de sécurité : token invalide. Veuillez recharger le formulaire.'); } @@ -33,6 +37,7 @@ try { unset($_SESSION['csrf_token']); + $redirect = '../recapitulatif.php?id=' . $thesisId; header('Location: ' . $redirect); exit(); diff --git a/justfile b/justfile index a9b6453..49ddbe0 100644 --- a/justfile +++ b/justfile 
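Review bot: The new `error_log(sprintf(...))` call in the CSRF failure branch writes the live `$_SESSION['csrf_token']` and the raw `$_POST['csrf_token']` into the error log, so a secret that is still valid lands in a file, and request-controlled bytes (line breaks included) reach the log unescaped. As far as the visible lines show, the token is only unset on the success path, so the logged session value stays usable after the mismatch. Logging whether each token is present, plus its length and a short digest prefix, is enough to tell "missing" from "different" while debugging; a sketch follows. It is also worth confirming that `APP_ROOT . '/../error.log'` resolves outside `app/public/`, since `APP_ROOT` is defined outside this hunk.

```php
// … unchanged: isset()/hash_equals() condition …
    $describeToken = static function ($token): string {
        if (!is_string($token)) {
            return '(missing or not a string)';
        }
        // Length and a truncated digest let two values be compared without storing either one.
        return sprintf('present, len %d, sha256 prefix %s', strlen($token), substr(hash('sha256', $token), 0, 8));
    };
    error_log(sprintf(
        'CSRF token validation failed in formulaire.php — POST token: %s, SESSION token: %s',
        $describeToken($_POST['csrf_token'] ?? null),
        $describeToken($_SESSION['csrf_token'] ?? null)
    ));
// … unchanged: die() with the user-facing message …
```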
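Review bot: `$thesisId` is concatenated into the `Location` value without encoding at the added `$redirect` line, and its assignment lies outside this hunk. If it is not guaranteed to be an integer at that point, cast or encode it before building the URL, e.g. `$redirect = '../recapitulatif.php?id=' . rawurlencode((string) $thesisId);`. The enclosing `try` block starts and ends outside the hunk, so the type may already be fixed earlier.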
@@ -13,7 +13,7 @@ setup: [group('dev')] serve: migrate - @php -S 127.0.0.1:8000 -t app/public/ app/router.php 2>&1 | stdbuf -oL grep -E '(Development Server|\[200\])' | stdbuf -oL grep -v 'live-reload\.php' || true + @php -S 127.0.0.1:8000 -t app/public/ app/router.php 2>&1 | stdbuf -oL grep -Ev '(Accepted|Closing|live-reload\.php|assets/|favicon)' || true [group('dev')] stop:
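Review bot: The `grep -Ev` patterns in the `serve` recipe are unanchored, so any PHP warning or `error_log` line that merely contains `Accepted`, `Closing`, `assets/` or `favicon` is dropped along with the access-log noise. An error raised in a file under an `assets/` path would be hidden, for instance, which works against the goal of showing all PHP output. Tying the patterns to the shape of the built-in server's own lines would narrow this, e.g. `grep -Ev '( (Accepted|Closing)$|\]: [A-Z]+ /[^ ]*(assets/|favicon|live-reload\.php))'`. Check that expression against the log format of the PHP version in use before relying on it.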