PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: add hx-swap="none" to admin auto-save checkboxes to prevent page swap

Browse Source
This commit is contained in:
Pontoporeia
2026-05-11 00:34:36 +02:00
parent cf9bd5cd5d
commit 7e987d281c
4 changed files with 26 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/public/admin/actions/settings.php
View File

@@ -100,16 +100,13 @@ if ($section === 'formulaire') {
App::flash('error', "Section inconnue.");
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
if ($isHxRequest) {
// Return updated CSRF tokens for all three hidden inputs on the page
$newToken = htmlspecialchars($_SESSION['csrf_token']);
echo '<input type="hidden" id="csrf_token_files" value="' . $newToken . '" hx-swap-oob="true">';
echo '<input type="hidden" id="csrf_token_acces" value="' . $newToken . '" hx-swap-oob="true">';
echo '<input type="hidden" id="csrf_token_types" value="' . $newToken . '" hx-swap-oob="true">';
// Auto-save from contenus.php — no CSRF rotation needed (token reused until full page load).
// Return empty 200 so hx-swap="none" is a no-op.
http_response_code(200);
exit;
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
header('Location: /admin/parametres.php');
exit;