fix: serve logs, formulaire.php error_log path, CSRF debug, undefined $redirect

2026-05-06 11:09:18 +02:00 · 2026-04-27 21:03:45 +02:00
parent 32a7509598
commit 48059c2317
3 changed files with 15 additions and 3 deletions
--- a/app/public/admin/actions/formulaire.php
+++ b/app/public/admin/actions/formulaire.php
@@ -5,14 +5,18 @@ require_once __DIR__ . '/../../../src/AdminAuth.php';

 ini_set('display_errors', 0);
 ini_set('log_errors', 1);
-ini_set('error_log', 'error.log');
+ini_set('error_log', APP_ROOT . '/../error.log');

 AdminAuth::requireLogin();

 // Verify CSRF token
 if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
-    error_log('CSRF token validation failed in formulaire.php');
+    error_log(sprintf(
+        'CSRF token validation failed in formulaire.php — POST token: %s, SESSION token: %s',
+        $_POST['csrf_token'] ?? '(missing)',
+        $_SESSION['csrf_token'] ?? '(missing)'
+    ));
    die('Erreur de sécurité : token invalide. Veuillez recharger le formulaire.');
 }

@@ -33,6 +37,7 @@ try {

    unset($_SESSION['csrf_token']);

+    $redirect = '../recapitulatif.php?id=' . $thesisId;
    header('Location: ' . $redirect);
    exit();