mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 16:19:19 +02:00
fix: add hx-swap="none" to admin auto-save checkboxes to prevent page swap
This commit is contained in:
Pontoporeia
@@ -100,16 +100,13 @@ if ($section === 'formulaire') {
|
||||
App::flash('error', "Section inconnue.");
|
||||
}
|
||||
|
||||
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
||||
|
||||
if ($isHxRequest) {
|
||||
// Return updated CSRF tokens for all three hidden inputs on the page
|
||||
$newToken = htmlspecialchars($_SESSION['csrf_token']);
|
||||
echo '<input type="hidden" id="csrf_token_files" value="' . $newToken . '" hx-swap-oob="true">';
|
||||
echo '<input type="hidden" id="csrf_token_acces" value="' . $newToken . '" hx-swap-oob="true">';
|
||||
echo '<input type="hidden" id="csrf_token_types" value="' . $newToken . '" hx-swap-oob="true">';
|
||||
// Auto-save from contenus.php — no CSRF rotation needed (token reused until full page load).
|
||||
// Return empty 200 so hx-swap="none" is a no-op.
|
||||
http_response_code(200);
|
||||
exit;
|
||||
}
|
||||
|
||||
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
||||
header('Location: /admin/parametres.php');
|
||||
exit;
|
||||
|
||||
@@ -558,6 +558,19 @@
|
||||
+%%%%%%% diff from: somsyvxz 249f7943 "Bulk bar anti-shift, tags icons, AP no-wrap, credits reorder" (rebased revision)
|
||||
+\\\\\\\ to: olzzwmwr 82533c5a "feat: require 3 mots-clés in partage, language asterisk toggle, admin auto-save checkboxes" (rebased revision)
|
||||
++ $linkName = $link['name'] ?? '';
|
||||
++ $linkExpiresVal = $link['expires_at'] ? date('Y-m-d\TH:i', strtotime($link['expires_at'])) : '';
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% diff from: olzzwmwr 82533c5a "feat: require 3 mots-clés in partage, language asterisk toggle, admin auto-save checkboxes" (rebased revision)
|
||||
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ to: somsyvxz 249f7943 "Bulk bar anti-shift, tags icons, AP no-wrap, credits reorder" (rebased revision)
|
||||
- $linkName = $link['name'] ?? '';
|
||||
- $linkExpiresVal = $link['expires_at'] ? date('Y-m-d\TH:i', strtotime($link['expires_at'])) : '';
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% diff from: somsyvxz 14a3cd10 "Bulk bar anti-shift, tags icons, AP no-wrap, credits reorder" (rebase destination)
|
||||
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ to: nlvsnzkz bb34ea85 "fix: add hx-swap="none" to admin auto-save checkboxes to prevent page swap" (rebased revision)
|
||||
$linkName = $link['name'] ?? '';
|
||||
$linkExpiresVal = $link['expires_at'] ? date('Y-m-d\TH:i', strtotime($link['expires_at'])) : '';
|
||||
$linkLockedYear = $link['locked_year'] ?? null;
|
||||
+%%%%%%% diff from: somsyvxz 249f7943 "Bulk bar anti-shift, tags icons, AP no-wrap, credits reorder" (rebased revision)
|
||||
+\\\\\\\ to: nlvsnzkz 0f4613f5 "fix: add hx-swap="none" to admin auto-save checkboxes to prevent page swap" (rebased revision)
|
||||
++ $linkName = $link['name'] ?? '';
|
||||
++ $linkExpiresVal = $link['expires_at'] ? date('Y-m-d\TH:i', strtotime($link['expires_at'])) : '';
|
||||
?>
|
||||
<tr class="admin-table-row" onclick="event.stopPropagation(); window.open('/partage/<?= urlencode($link['slug']) ?>', '_blank')" style="cursor:pointer">
|
||||
|
||||
@@ -89,7 +89,7 @@
|
||||
<legend>Restrictions d'accès aux fichiers</legend>
|
||||
|
||||
<div class="param-form">
|
||||
<input type="hidden" id="csrf_token_files" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
||||
<input type="hidden" id="settings-csrf" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
||||
|
||||
<label class="param-checkbox">
|
||||
<input type="checkbox" name="restricted_files_enabled" value="1"
|
||||
@@ -97,7 +97,7 @@
|
||||
hx-post="/admin/actions/settings.php"
|
||||
hx-trigger="change"
|
||||
hx-swap="none"
|
||||
hx-include="#csrf_token_files"
|
||||
hx-include="#settings-csrf"
|
||||
hx-vals='{"section":"formulaire"}'>
|
||||
<span>
|
||||
<strong>Activer la restriction d'accès</strong><br>
|
||||
@@ -112,7 +112,7 @@
|
||||
<p>Options de visibilité disponibles dans le formulaire d'ajout de TFE.</p>
|
||||
|
||||
<div class="param-form">
|
||||
<input type="hidden" id="csrf_token_acces" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
||||
<input type="hidden" id="settings-csrf-acces" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
||||
|
||||
<label class="param-checkbox">
|
||||
<input type="checkbox" name="access_type_libre_enabled" value="1"
|
||||
@@ -120,7 +120,7 @@
|
||||
hx-post="/admin/actions/settings.php"
|
||||
hx-trigger="change"
|
||||
hx-swap="none"
|
||||
hx-include="#csrf_token_acces"
|
||||
hx-include="#settings-csrf-acces"
|
||||
hx-vals='{"section":"formulaire"}'>
|
||||
<span>
|
||||
<strong>Libre</strong><br>
|
||||
@@ -134,7 +134,7 @@
|
||||
hx-post="/admin/actions/settings.php"
|
||||
hx-trigger="change"
|
||||
hx-swap="none"
|
||||
hx-include="#csrf_token_acces"
|
||||
hx-include="#settings-csrf-acces"
|
||||
hx-vals='{"section":"formulaire"}'>
|
||||
<span>
|
||||
<strong>Interne</strong><br>
|
||||
@@ -148,7 +148,7 @@
|
||||
hx-post="/admin/actions/settings.php"
|
||||
hx-trigger="change"
|
||||
hx-swap="none"
|
||||
hx-include="#csrf_token_acces"
|
||||
hx-include="#settings-csrf-acces"
|
||||
hx-vals='{"section":"formulaire"}'>
|
||||
<span>
|
||||
<strong>Interdit</strong><br>
|
||||
@@ -164,7 +164,7 @@
|
||||
<p class="param-note">Le type <strong>TFE</strong> est toujours actif et ne peut pas être désactivé.</p>
|
||||
|
||||
<div class="param-form">
|
||||
<input type="hidden" id="csrf_token_types" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
||||
<input type="hidden" id="settings-csrf-types" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
|
||||
|
||||
<label class="param-checkbox param-checkbox--disabled">
|
||||
<input type="checkbox" disabled checked>
|
||||
@@ -180,7 +180,7 @@
|
||||
hx-post="/admin/actions/settings.php"
|
||||
hx-trigger="change"
|
||||
hx-swap="none"
|
||||
hx-include="#csrf_token_types"
|
||||
hx-include="#settings-csrf-types"
|
||||
hx-vals='{"section":"objet_types"}'>
|
||||
<span>
|
||||
<strong>Thèse</strong><br>
|
||||
@@ -194,7 +194,7 @@
|
||||
hx-post="/admin/actions/settings.php"
|
||||
hx-trigger="change"
|
||||
hx-swap="none"
|
||||
hx-include="#csrf_token_types"
|
||||
hx-include="#settings-csrf-types"
|
||||
hx-vals='{"section":"objet_types"}'>
|
||||
<span>
|
||||
<strong>Frart</strong><br>
|
||||
|
||||
Reference in New Issue
Block a user