PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Unify flash messages: replace all legacy session key writes with App::flash()

Browse Source 
All admin action files (account, tag, page, edit, visibility, maintenance,
publish, formulaire) now call App::flash('error'|'success', ...) instead of
writing to raw per-page session keys ($_SESSION['error'], 'admin_error',
'edit_error', 'admin_success', 'edit_success', 'form_error').

All admin display pages (add, edit, account, tags, pages, index) now include
templates/partials/flash-messages.php instead of manually reading and
unsetting the legacy session keys and inlining their own alert HTML.

App::consumeFlash() already drained all legacy key variants as a safety net,
so the partial works correctly whether called from pages that were already
migrated or any remaining stragglers. No behaviour change for end users.
This commit is contained in:
Pontoporeia
2026-04-02 12:57:36 +02:00
parent 77bfd2f8e3
commit 592b1183db
15 changed files with 51 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
public/admin/actions/visibility.php
View File

@@ -5,7 +5,7 @@ AdminAuth::requireLogin();
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
$_SESSION['error'] = "Erreur de sécurité : token invalide.";
App::flash('error', "Erreur de sécurité : token invalide.");
header('Location: /admin/');
exit;
}
@@ -18,7 +18,7 @@ $isBulk = !empty($_POST['bulk']);
$validAccess = [null, 1, 2, 3];
if (!in_array($accessTypeId, $validAccess, true)) {
$_SESSION['error'] = "Valeur de visibilité invalide.";
App::flash('error', "Valeur de visibilité invalide.");
header('Location: /admin/');
exit;
}
@@ -29,25 +29,25 @@ try {
if ($isBulk) {
$ids = array_filter(array_map('intval', $_POST['selected_theses'] ?? []), fn($id) => $id > 0);
if (empty($ids)) {
$_SESSION['error'] = "Aucun TFE sélectionné.";
App::flash('error', "Aucun TFE sélectionné.");
header('Location: /admin/');
exit;
}
$db->bulkSetVisibility($ids, $accessTypeId);
$_SESSION['success'] = count($ids) . " TFE(s) mis à jour.";
App::flash('success', count($ids) . " TFE(s) mis à jour.");
} else {
$thesisId = filter_var($_POST['thesis_id'] ?? '', FILTER_VALIDATE_INT);
if (!$thesisId) {
$_SESSION['error'] = "ID invalide.";
App::flash('error', "ID invalide.");
header('Location: /admin/');
exit;
}
$db->setVisibility($thesisId, $accessTypeId);
$_SESSION['success'] = "Visibilité mise à jour.";
App::flash('success', "Visibilité mise à jour.");
}
} catch (Exception $e) {
error_log("visibility.php error: " . $e->getMessage());
$_SESSION['error'] = "Erreur : " . $e->getMessage();
App::flash('error', "Erreur : " . $e->getMessage());
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));