PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: convert all file inputs to FilePond for standardized uploading

Browse Source 
- Add csv_import queue type (storeAsFile, no async upload) for CSV import dialog
- Convert file-field.php partial to FilePond with field-name→queue-type mapping
- Conditionally skip server config for storeAsFile queues in buildFilePondOptions
- Skip FilePond init for inputs inside closed <dialog> elements
- Trigger FilePond init when import dialog opens
- Load FilePond CSS/JS assets on admin index page
This commit is contained in:
Pontoporeia
2026-06-08 10:28:39 +02:00
parent fad38f4e0d
commit df70fba5d4
8 changed files with 1089 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
TODO.md
View File

@@ -1,7 +1,9 @@
# TODO # TODO
- [x] Convert all file inputs to FilePond (CSV import, file-field.php; fix dialog init + missing CSS/JS on index page)
- [x] Fix `account.php`: replace `!==` CSRF token check with `hash_equals` (constant-time comparison) - [x] Fix `account.php`: replace `!==` CSRF token check with `hash_equals` (constant-time comparison)
- [x] Fix `ShareLink::setPassword()`: also encrypt and store plain-text password, matching `create()` behavior - [x] Fix `ShareLink::setPassword()`: also encrypt and store plain-text password, matching `create()` behavior
- [x] Audit: confirm all remaining credential comparison sites use constant-time `hash_equals` or `password_verify` - [x] Audit: confirm all remaining credential comparison sites use constant-time `hash_equals` or `password_verify`
- [x] Fix `.gitignore`: anchor `vendor/` to root (`/vendor/`) so `app/public/assets/js/vendor/` (htmx, OverType, FilePond) is tracked - [x] Fix `.gitignore`: anchor `vendor/` to root (`/vendor/`) so `app/public/assets/js/vendor/` (htmx, OverType, FilePond) is tracked
- [x] Fix migration `025_lowercase_languages.sql`: deduplicate languages before LOWER() to avoid UNIQUE constraint violation (`Néerlandais`/`néerlandais`) - [x] Fix migration `025_lowercase_languages.sql`: deduplicate languages before LOWER() to avoid UNIQUE constraint violation (`Néerlandais`/`néerlandais`)
- [x] Fix home page: load ALL published theses grouped by year (desc), shuffled randomly within each year (instead of only ~20 from latest year)

2
app/public/admin/index.php
View File

@@ -515,6 +515,8 @@ if ($isHtmx) {
include APP_ROOT . '/templates/admin/index-table.php'; include APP_ROOT . '/templates/admin/index-table.php';
} }
} else { } else {
$extraCss = ['/assets/css/filepond.min.css', '/assets/css/filepond-plugin-image-preview.min.css'];
$extraJs = ['/assets/js/vendor/filepond.min.js', '/assets/js/vendor/filepond-plugin-file-validate-type.min.js', '/assets/js/vendor/filepond-plugin-file-validate-size.min.js', '/assets/js/vendor/filepond-plugin-image-preview.min.js', '/assets/js/vendor/filepond-plugin-image-exif-orientation.min.js', '/assets/js/app/file-upload-filepond.js'];
require_once APP_ROOT . '/templates/head.php'; require_once APP_ROOT . '/templates/head.php';
include APP_ROOT . '/templates/header.php'; include APP_ROOT . '/templates/header.php';
if ($tab === 'trash') { if ($tab === 'trash') {

33
app/public/assets/js/app/file-upload-filepond.js
View File

@@ -99,6 +99,18 @@
labelMaxFileSize: "Taille max: {filesize}", labelMaxFileSize: "Taille max: {filesize}",
allowMultiple: false, allowMultiple: false,
}, },
csv_import: {
acceptedFileTypes: ["text/csv"],
labelFileTypeNotAllowed: "Seulement CSV",
fileValidateTypeLabelExpectedTypes: "CSV",
maxFileSize: "50MB",
labelMaxFileSizeExceeded: "Fichier trop volumineux",
labelMaxFileSize: "Taille max: {filesize}",
allowMultiple: false,
// CSV import stays as storeAsFile (no async upload to process.php),
// so the form submits the file directly.
storeAsFile: true,
},
}; };
// ── Helpers ─────────────────────────────────────────────────────────── // ── Helpers ───────────────────────────────────────────────────────────
@@ -300,13 +312,11 @@
// Per-type max size overrides (for TFE: PDF=100MB, video/audio=2GB) // Per-type max size overrides (for TFE: PDF=100MB, video/audio=2GB)
var perExtMax = cfg.perExtensionMaxSize || {}; var perExtMax = cfg.perExtensionMaxSize || {};
return { // Base options shared by all queue types
var opts = {
allowMultiple: cfg.allowMultiple, allowMultiple: cfg.allowMultiple,
allowReorder: true, allowReorder: true,
// ── Async server model (replaces storeAsFile + allowProcess: false) ──
server: buildServerConfig(queueType),
// ── Native FilePond validation ── // ── Native FilePond validation ──
acceptedFileTypes: cfg.acceptedFileTypes, acceptedFileTypes: cfg.acceptedFileTypes,
labelFileTypeNotAllowed: cfg.labelFileTypeNotAllowed, labelFileTypeNotAllowed: cfg.labelFileTypeNotAllowed,
@@ -378,6 +388,16 @@
if (!error) syncOrderInput(queueType, this); if (!error) syncOrderInput(queueType, this);
}, },
}; };
// storeAsFile queues skip async upload; the file stays in the form
if (cfg.storeAsFile) {
opts.storeAsFile = true;
opts.allowProcess = false;
} else {
opts.server = buildServerConfig(queueType);
}
return opts;
} }
// ── Public API ──────────────────────────────────────────────────────── // ── Public API ────────────────────────────────────────────────────────
@@ -391,6 +411,11 @@
// Canonical duplicate check: FilePond.find() is the authoritative source // Canonical duplicate check: FilePond.find() is the authoritative source
if (FilePond.find(input)) return; if (FilePond.find(input)) return;
// Skip inputs inside closed <dialog> elements — FilePond can't render
// when the container has display:none. Initialize when the dialog opens.
var dialog = input.closest("dialog");
if (dialog && !dialog.open) return;
// Queue type: always from data-queue-type attribute // Queue type: always from data-queue-type attribute
var queueType = input.dataset.queueType || null; var queueType = input.dataset.queueType || null;
if (!queueType) return; if (!queueType) return;

20
app/src/Controllers/HomeController.php
View File

@@ -58,7 +58,7 @@ class HomeController
$year = null; $year = null;
} }
// Default home view: random theses from latest year (no year filter, no explicit page) // Default home view: all published theses grouped by year (desc), shuffled within each year
$isDefaultView = $year === null && $page === 1; $isDefaultView = $year === null && $page === 1;
$itemsToLoad = []; $itemsToLoad = [];
@@ -80,9 +80,21 @@ class HomeController
$totalItems = $this->db->countSearchResults(['year' => $year]); $totalItems = $this->db->countSearchResults(['year' => $year]);
} elseif ($isDefaultView) { } elseif ($isDefaultView) {
$latestYear = $this->db->getLatestPublishedYear(); $latestYear = $this->db->getLatestPublishedYear();
$itemsToLoad = $this->db->getLatestYearTheses( $allTheses = $this->db->getAllPublishedTheses();
self::ITEMS_PER_PAGE,
); // Group by year, shuffle randomly within each year
$byYear = [];
foreach ($allTheses as $thesis) {
$byYear[$thesis['year']][] = $thesis;
}
krsort($byYear, SORT_NUMERIC);
$itemsToLoad = [];
foreach ($byYear as $yearGroup) {
shuffle($yearGroup);
$itemsToLoad = array_merge($itemsToLoad, $yearGroup);
}
$totalItems = count($itemsToLoad); // no multi-page on default view $totalItems = count($itemsToLoad); // no multi-page on default view
} else { } else {
$itemsToLoad = $this->db->getPublishedTheses( $itemsToLoad = $this->db->getPublishedTheses(

1
app/storage/logs/admin-2026-06-08.log Normal file
View File

@@ -0,0 +1 @@
{"timestamp":"2026-06-08T08:33:36+00:00","ip":"127.0.0.1","user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:151.0) Gecko/20100101 Firefox/151.0","resource":"thesis","action":"publish","status":"success","context":{"count":143,"ids":[143,142,141,140,139,138,137,136,135,134,133,132,131,130,129,128,127,126,125,124,123,122,121,120,119,118,117,116,115,114,113,112,111,110,109,108,107,106,105,104,103,102,101,100,99,98,97,96,95,94,93,92,91,90,89,88,87,86,85,84,83,82,81,80,79,78,77,76,75,74,73,72,71,70,69,68,67,66,65,64,63,62,61,60,59,58,57,56,55,54,53,52,51,50,49,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,32,31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1]}}

1014
app/storage/logs/audit-2026-06-08.log Normal file
View File

File diff suppressed because it is too large Load Diff

8
app/templates/admin/index.php
View File

@@ -46,7 +46,7 @@ document.addEventListener('htmx:afterSwap',()=>{document.querySelectorAll('input
</button> </button>
<?php endif; ?> <?php endif; ?>
<button type="button" class="btn btn--primary btn--sm" id="import-dialog-btn" <button type="button" class="btn btn--primary btn--sm" id="import-dialog-btn"
onclick="document.getElementById('import-dialog').showModal()"> onclick="document.getElementById('import-dialog').showModal(); window.XamxamInitFilePonds()">
Importer Importer
</button> </button>
</div> </div>
@@ -214,7 +214,11 @@ document.addEventListener('htmx:afterSwap',()=>{document.querySelectorAll('input
<div> <div>
<label for="csv_file">Fichier CSV</label> <label for="csv_file">Fichier CSV</label>
<div class="admin-file-input"> <div class="admin-file-input">
<input type="file" id="csv_file" name="csv_file" accept=".csv" required> <input type="file" id="csv_file"
name="csv_file"
class="tfe-file-picker"
data-queue-type="csv_import"
required>
<small class="admin-file-hint"> <small class="admin-file-hint">
Colonnes : Identifiant, Titre, Sous-titre, Auteur·ice(s), Contact, Promoteur·ice(s), Format, Année, AP, Orientation, Finalité, Mots-clés, Synopsis, Contexte, Remarques, Langue, Autorisation, License, taille, Points sur 20, lien BAIU<br> Colonnes : Identifiant, Titre, Sous-titre, Auteur·ice(s), Contact, Promoteur·ice(s), Format, Année, AP, Orientation, Finalité, Mots-clés, Synopsis, Contexte, Remarques, Langue, Autorisation, License, taille, Points sur 20, lien BAIU<br>
Quatre premières lignes ignorées — Séparateur : virgule — UTF-8 Quatre premières lignes ignorées — Séparateur : virgule — UTF-8

50
app/templates/partials/form/file-field.php
View File

@@ -1,16 +1,16 @@
<?php <?php
/** /**
* File input partial. * File input partial — FilePond-powered.
* *
* Variables consumed: * Variables consumed:
* string $name — input name attribute (used for id too unless $id set) * string $name — input name attribute (used for id too unless $id set)
* string $label — visible label text * string $label — visible label text
* string $accept — MIME types / extensions for the accept attribute (e.g. 'image/jpeg,image/png') * string $accept — MIME types / extensions (informational; FilePond validates via queue config)
* string|null $hint — optional hint shown in <small> below the input * string|null $hint — optional hint shown in <small> below the input
* bool $required — whether the field is required; default false * bool $required — whether the field is required; default false
* bool $multiple — whether to allow multiple file selection; default false * bool $multiple — whether to allow multiple file selection; default false
* string|null $id — override the id attribute (defaults to $name) * string|null $id — override the id attribute (defaults to $name)
* string|null $fieldName — validation field name for HTMX inline validation ('couverture', 'note_intention', 'tfe', 'annexes') * string|null $fieldName — mapped to FilePond queue-type: 'couverture'→cover, 'note_intention'→note_intention, 'annexes'→annexe
*/ */
$accept = $accept ?? ''; $accept = $accept ?? '';
@@ -19,41 +19,29 @@ $hintRaw = $hintRaw ?? false; // when true, $hint is emitted as raw HTML
$required = $required ?? false; $required = $required ?? false;
$multiple = $multiple ?? false; $multiple = $multiple ?? false;
$id = $id ?? $name; $id = $id ?? $name;
$fieldName = $fieldName ?? $name; // validation field name $fieldName = $fieldName ?? $name;
$previewId = 'fp-' . htmlspecialchars($id);
// Determine HTMX POST endpoint for inline file validation // Map legacy field names to FilePond queue types
if (defined('ADMIN_MODE') && ADMIN_MODE) { $queueTypeMap = [
$validateUrl = '/admin/fragments/validate-file.php'; 'couverture' => 'cover',
} else { 'note_intention' => 'note_intention',
$validateUrl = '/partage/fragments/validate-file.php'; 'annexes' => 'annexe',
} ];
$queueType = $queueTypeMap[$fieldName] ?? null;
?> ?>
<div> <div class="admin-form-group">
<label for="<?= htmlspecialchars($id) ?>"><?= htmlspecialchars($label) ?><?= $required ? ' <span class="asterisk">*</span>' : '' ?></label> <label for="<?= htmlspecialchars($id) ?>"><?= htmlspecialchars($label) ?><?= $required ? ' <span class="asterisk">*</span>' : '' ?></label>
<!-- HTMX validation: scoped to this field --> <div class="admin-file-input">
<form class="admin-file-input file-validation-form"
hx-post="<?= htmlspecialchars($validateUrl) ?>"
hx-encoding="multipart/form-data"
hx-trigger="change from:input[type='file']"
hx-target="find .file-validation-msg"
hx-swap="innerHTML"
hx-sync="replace">
<input type="hidden" name="field_name" value="<?= htmlspecialchars($fieldName) ?>">
<input type="hidden" name="admin_mode" value="<?= ($adminMode ?? false) ? '1' : '0' ?>">
<input type="file" <input type="file"
id="<?= htmlspecialchars($id) ?>" id="<?= htmlspecialchars($id) ?>"
name="<?= htmlspecialchars($name) ?><?= $multiple ? '[]' : '' ?>" name="queue_file[<?= htmlspecialchars($queueType ?? $fieldName) ?>][]"
<?= $accept ? 'accept="' . htmlspecialchars($accept) . '"' : '' ?> class="tfe-file-picker"
<?= $multiple ? 'multiple' : '' ?> data-queue-type="<?= htmlspecialchars($queueType ?? 'annexe') ?>"
<?= $required ? 'required' : '' ?> <?= $required ? 'required' : '' ?>>
data-preview="<?= $previewId ?>">
<div class="file-validation-msg" aria-live="polite"></div>
<div id="<?= $previewId ?>" class="file-preview-list" aria-live="polite"></div>
<?php if ($hint): ?> <?php if ($hint): ?>
<small><?= $hintRaw ? $hint : htmlspecialchars($hint) ?></small> <small><?= $hintRaw ? $hint : htmlspecialchars($hint) ?></small>
<?php endif; ?> <?php endif; ?>
</form> </div>
</div> </div>
<?php <?php
unset($accept, $hint, $hintRaw, $required, $multiple, $id, $fieldName, $previewId, $validateUrl); unset($accept, $hint, $hintRaw, $required, $multiple, $id, $fieldName, $queueType, $queueTypeMap);