PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Split form.css into form-base.css and form-admin.css, drop dead upload-progress code

Browse Source 
Also introduces $extraCssAdmin support in head.php for admin-only
stylesheets (form-admin.css, filepond CSS, system.css). Admin pages
now use $extraCssAdmin for admin-only assets and $extraCss for
shared stylesheets like form-base.css.
This commit is contained in:
Pontoporeia
2026-06-11 11:04:01 +02:00
parent 99125cc8e3
commit cbd369bc72
15 changed files with 250 additions and 682 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/public/admin/actions/edit.php
View File

@@ -32,12 +32,7 @@ require_once APP_ROOT . '/src/ErrorHandler.php';
try {
$ctrl = ThesisEditController::create();
$progressToken = $_POST['progress_token'] ?? bin2hex(random_bytes(8));
$ctrl->save($thesisId, $_POST, $_FILES, $progressToken);
// Clean up progress file
require_once APP_ROOT . '/src/PeerTubeService.php';
PeerTubeService::clearProgress($progressToken);
$ctrl->save($thesisId, $_POST, $_FILES);
// Regenerate CSRF token after successful save
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));

45
app/public/admin/actions/upload-progress.php
View File

@@ -1,45 +0,0 @@
<?php
/**
* upload-progress.php
*
* Returns the current upload/processing progress for a given token.
* Called by the client-side upload-progress.js while the form XHR is in flight.
*
* GET /admin/actions/upload-progress.php?token=<token>
*
* Response: JSON
* { "stage": "upload"|"processing"|"done", "pct": 45, "file": "video.mp4" }
*
* Progress data is written by ThesisEditController / ThesisCreateController
* to a temp file during processing.
*/
require_once __DIR__ . '/../../../bootstrap.php';
// No AdminAuth check here — this endpoint is called by client-side JS during
// both admin and partage (student) form uploads. Access is guarded by the
// progress token (64 bits of entropy, fresh per form render) which must match
// a temp file that only exists during an active upload.
header('Content-Type: application/json');
$token = $_GET['token'] ?? '';
if (!preg_match('/^[a-f0-9]{16}$/', $token)) {
echo json_encode(['stage' => 'error', 'error' => 'Invalid token']);
exit;
}
$progressFile = sys_get_temp_dir() . '/xamxam_upload_' . $token . '.json';
if (!file_exists($progressFile)) {
// No progress file yet — still in upload phase (or token invalid)
echo json_encode(['stage' => 'upload', 'pct' => 0, 'file' => '']);
exit;
}
$data = json_decode(file_get_contents($progressFile), true);
if (!$data) {
echo json_encode(['stage' => 'upload', 'pct' => 0, 'file' => '']);
exit;
}
echo json_encode($data);