Guard no-JS file uploads: disabled filepond_mode by default, server-side fallback

The partage/admin form had a hardcoded filepond_mode=1 hidden input,
so without JavaScript the server always entered the FilePond async
path — which found no hex IDs and silently dropped all files.

Three-layer fix:
1. HTML: filepond_mode input starts disabled with value=0; JS enables
   it and sets value=1 on DOMContentLoaded (and after HTMX swaps).
   Disabled inputs aren't submitted → server gets no filepond_mode
   → naturally falls to legacy $_FILES path.
2. JS: enableFilepondMode() called on page load and htmx:afterSwap so
   FilePond-enhanced forms always send filepond_mode=1.
3. Server (defense-in-depth): ThesisFileHandler::hasFilePondQueueData()
   scans POST['queue_file'] for 32-char hex IDs; ThesisCreateController
   and ThesisEditController use it alongside filepond_mode, so even if
   the flag somehow arrives without async upload IDs, the $_FILES path
   takes over.
Pontoporeia
2026-06-11 10:32:38 +02:00
parent 63e65d9856
commit 4b37a05be3
6 changed files with 61 additions and 7 deletions


@@ -615,11 +615,24 @@
console.log('[filepond] htmx detected, registering swap listeners');
window.htmx.on("htmx:beforeSwap", onHtmxBeforeSwap);
window.htmx.on("htmx:afterSwap", () => {
enableFilepondMode();
_xamxamFilepondReady = false;
window.XamxamInitFilePonds();
setTimeout(() => { _xamxamFilepondReady = true; }, 0);
});
}
// ── Enable filepond_mode hidden input (no-JS safety) ────────────────
// The hidden input starts as disabled / value=0 so the server falls
// back to $_FILES when JS is unavailable. Enable it now that FilePond
// will handle uploads asynchronously.
function enableFilepondMode() {
var inputs = document.querySelectorAll("input[name='filepond_mode']");
for (var i = 0; i < inputs.length; i++) {
inputs[i].disabled = false;
inputs[i].value = "1";
}
}
// Flag set after FilePond instances are fully initialised.
// Before this flag is set, FilePond:addfile events are from initial load
// (e.g. existing files loaded in edit mode) and should not mark the form dirty.
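Review bot: enableFilepondMode() runs before window.XamxamInitFilePonds() in the htmx:afterSwap handler, so the form advertises filepond_mode=1 even if FilePond initialisation then throws or the library never loaded; both branches of the readyState check in the second hunk use the same order. According to the commit message the server now cross-checks queue_file for upload IDs, which should catch that case, but the client flag would be more accurate if it were set only once init has returned: `window.XamxamInitFilePonds(); enableFilepondMode();`. The selector also enables every `input[name='filepond_mode']` in the document whether or not that form actually holds a FilePond field, and after a swap it rescans the whole page rather than the swapped target; if that is intended, a one-line comment saying so would help. The scope enclosing this function begins outside the hunk, so whether XamxamInitFilePonds can fail here is not visible.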
@@ -629,10 +642,12 @@
if (document.readyState === "loading") {
document.addEventListener("DOMContentLoaded", () => {
enableFilepondMode();
window.XamxamInitFilePonds();
_xamxamFilepondReady = true;
});
} else {
enableFilepondMode();
window.XamxamInitFilePonds();
_xamxamFilepondReady = true;
}