From e0cf9f8f5746f8b4d6d7f1d4b9cfe6b4a4415e79 Mon Sep 17 00:00:00 2001
From: Pontoporeia
Date: Wed, 24 Jun 2026 14:26:10 +0200
Subject: [PATCH] =?UTF-8?q?chore:=20update=20TODO=20=E2=80=94=20mark=20ico?=
 =?UTF-8?q?n-color-verify=20and=203=20security=20tasks=20complete?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 TODO.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/TODO.md b/TODO.md
index 9747fb5..82e789d 100644
--- a/TODO.md
+++ b/TODO.md
@@ -4,6 +4,7 @@
 > Context: Security audit — fix open redirects, fragment auth, dead code, CSRF gaps
 
 ## Completed
+- [x] #icon-color-verify Verify icon colors render correctly across all pages (header, admin tables, forms, dialogs, cleanup modal) ✓
 - [x] #sec-open-redirect Fix open redirect in tag.php + language.php (protocol-relative URL bypass via str_starts_with) ✓
 - [x] #build-pipeline Setup biome + rolldown + lightningcss build pipeline ✓
 - [x] #build-packagejson Create package.json with devDependencies ✓
@@ -14,14 +15,13 @@
 - [x] #build-head Update head.php + form-page.php + controllers to use bundled assets ✓
 - [x] #build-gitignore Add dist/ to .gitignore ✓
 - [x] #build-cssfix Fix stray `}` syntax error in admin.css line 305 ✓
-
-## Pending
 - [x] #sec-fragments-auth Gate partagé fragments on share_active session (read-only fragment renderers — no CSRF needed) ✓
 - [x] #sec-retry-csrf Add CSRF check to partage/retry-email.php POST ✓
 - [x] #sec-cleanup-dead-code Remove dead App::verifyCsrf() or refactor action handlers to use it ✓
-- [ ] #rep-student-touch Replace hover student popover with tap-to-open drawer for mobile `(repertoire.php, repertoire.css)`
+
+## Pending
+- [ ] #rep-student-touch Replace hover student popover with tap-to-open drawer for mobile `(repertoire.php, repertoire.css, repertoire-student-popover.js)`
 - [ ] #rep-polish Polish: scroll-position memory on HTMX swap, animation tuning `(repertoire.css)`
-- [ ] #icon-color-verify Verify icon colors render correctly across all pages (header, admin tables, forms, dialogs, cleanup modal)
 
 ## Completed (before this session)
 - [x] #gzip-nginx Enable gzip compression in nginx config `(nginx/xamxam.conf)` ✓