PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: serve logs, formulaire.php error_log path, CSRF debug, undefined $redirect

Browse Source
This commit is contained in:
Pontoporeia
2026-04-27 21:03:45 +02:00
parent 32a7509598
commit 48059c2317
3 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
TODO.md
View File

@@ -1,5 +1,12 @@
# TODO
## Dev / Debug Fixes
- [x] Fix `serve` recipe: show all PHP output (errors, logs) except static assets noise
- [x] Fix `error_log` path in `formulaire.php` (was relative, now absolute)
- [x] Fix CSRF debug: log both tokens on mismatch
- [x] Fix undefined `$redirect` on success path in `formulaire.php`
## File Display in Forms & Recaps
- [x] Add live file preview to `file-field.php` partial (`data-preview` attribute + `.file-preview-list` container)

9
app/public/admin/actions/formulaire.php
View File

@@ -5,14 +5,18 @@ require_once __DIR__ . '/../../../src/AdminAuth.php';
ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', 'error.log');
ini_set('error_log', APP_ROOT . '/../error.log');
AdminAuth::requireLogin();
// Verify CSRF token
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
error_log('CSRF token validation failed in formulaire.php');
error_log(sprintf(
'CSRF token validation failed in formulaire.php — POST token: %s, SESSION token: %s',
$_POST['csrf_token'] ?? '(missing)',
$_SESSION['csrf_token'] ?? '(missing)'
));
die('Erreur de sécurité : token invalide. Veuillez recharger le formulaire.');
}
@@ -33,6 +37,7 @@ try {
unset($_SESSION['csrf_token']);
$redirect = '../recapitulatif.php?id=' . $thesisId;
header('Location: ' . $redirect);
exit();

2
justfile
View File

@@ -13,7 +13,7 @@ setup:
[group('dev')]
serve: migrate
@php -S 127.0.0.1:8000 -t app/public/ app/router.php 2>&1 | stdbuf -oL grep -E '(Development Server|\[200\])' | stdbuf -oL grep -v 'live-reload\.php' || true
@php -S 127.0.0.1:8000 -t app/public/ app/router.php 2>&1 | stdbuf -oL grep -Ev '(Accepted|Closing|live-reload\.php|assets/|favicon)' || true
[group('dev')]
stop: