PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix issues with nginx access to pages

Browse Source 
- fix: 403 on /language-autre-fragment.php — add explicit nginx location block

  The nginx catch-all  blocked direct access
  to all PHP files except /index.php and files inside /admin/.

  language-autre-fragment.php lives at the public root and is POSTed to by
  HTMX from both the admin edit form and the partage form. Added an explicit
   fastcgi block so it is executed
  rather than denied.

- fix: replace .php-suffixed public URLs blocked by nginx catch-all

  Audit of all client-facing PHP URL references against nginx routing:

  - fetch('/request-access.php') in tfe.php -> '/request-access'
    (clean URL already routed by Dispatcher)
  - /media.php?path= in form.php (x2) and admin/recapitulatif.php -> /media?path=
    (nginx only has location = /media, no location for /media.php)

  All these .php-suffixed URLs hit the nginx catch-all
    location ~ \.php$ { deny all; }
  which takes precedence over location / { try_files ... } for regex matches.
This commit is contained in:
Pontoporeia
2026-05-08 11:30:02 +02:00
parent 6ba13e00ea
commit 5735ccbc38
8 changed files with 77 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
TODO.md
View File

@@ -21,6 +21,18 @@
- [x] `duration_pages`/`duration_minutes` saved in `updateThesis()` and read back in `getThesisRawFields()`
- [x] `beforeunload-guard` applied to add and partage forms too
- [x] Audit + fix direct PHP URL references blocked by nginx catch-all `deny all`
- [x] `/request-access.php` fetch in `tfe.php``/request-access`
- [x] `/media.php?path=` in `form.php` (×2) and `admin/recapitulatif.php``/media?path=`
- [x] Fix 403 on `/language-autre-fragment.php` from `edit.php`
- [x] Root cause: standalone root-level PHP file blocked by nginx catch-all `deny all`
- [x] Moved logic to `partage/language-autre-fragment.php` (shared include)
- [x] Added route `/partage/language-autre-fragment` in `partage/index.php`
- [x] Added `admin/language-autre-fragment.php` (AdminAuth gated, includes shared logic)
- [x] `form.php` picks URL based on `$mode` (`partage` vs admin)
- [x] Deleted `public/language-autre-fragment.php`; nginx unchanged
- [x] Merge banner images into cover images
- [x] Migration 016: copy `storage/banners/*``storage/covers/`, insert `thesis_files` cover records, clear `banner_path`, remove banners dir
- [x] Remove banner fieldset from edit form (`form.php`)