chore: update TODO — mark icon-color-verify and 3 security tasks complete

Pontoporeia
2026-06-24 14:26:10 +02:00
parent 0062b29678
commit e0cf9f8f57

@@ -4,6 +4,7 @@
> Context: Security audit — fix open redirects, fragment auth, dead code, CSRF gaps > Context: Security audit — fix open redirects, fragment auth, dead code, CSRF gaps
## Completed ## Completed
- [x] #icon-color-verify Verify icon colors render correctly across all pages (header, admin tables, forms, dialogs, cleanup modal) ✓
- [x] #sec-open-redirect Fix open redirect in tag.php + language.php (protocol-relative URL bypass via str_starts_with) ✓ - [x] #sec-open-redirect Fix open redirect in tag.php + language.php (protocol-relative URL bypass via str_starts_with) ✓
- [x] #build-pipeline Setup biome + rolldown + lightningcss build pipeline ✓ - [x] #build-pipeline Setup biome + rolldown + lightningcss build pipeline ✓
- [x] #build-packagejson Create package.json with devDependencies ✓ - [x] #build-packagejson Create package.json with devDependencies ✓
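Review bot: the added #icon-color-verify line at the top of "## Completed" sits under a Context header that describes only the security audit (open redirects, fragment auth, dead code, CSRF gaps), so the list no longer matches its stated scope. Either widen the Context line or list the icon check under a separate heading, so that someone checking which audit findings were closed can read the list without filtering out unrelated UI work. Unlike other entries, the new line also names no files; adding the usual backticked file list would make the verification traceable.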
@@ -14,14 +15,13 @@
- [x] #build-head Update head.php + form-page.php + controllers to use bundled assets ✓ - [x] #build-head Update head.php + form-page.php + controllers to use bundled assets ✓
- [x] #build-gitignore Add dist/ to .gitignore ✓ - [x] #build-gitignore Add dist/ to .gitignore ✓
- [x] #build-cssfix Fix stray `}` syntax error in admin.css line 305 ✓ - [x] #build-cssfix Fix stray `}` syntax error in admin.css line 305 ✓
## Pending
- [x] #sec-fragments-auth Gate partagé fragments on share_active session (read-only fragment renderers — no CSRF needed) ✓ - [x] #sec-fragments-auth Gate partagé fragments on share_active session (read-only fragment renderers — no CSRF needed) ✓
- [x] #sec-retry-csrf Add CSRF check to partage/retry-email.php POST ✓ - [x] #sec-retry-csrf Add CSRF check to partage/retry-email.php POST ✓
- [x] #sec-cleanup-dead-code Remove dead App::verifyCsrf() or refactor action handlers to use it ✓ - [x] #sec-cleanup-dead-code Remove dead App::verifyCsrf() or refactor action handlers to use it ✓
- [ ] #rep-student-touch Replace hover student popover with tap-to-open drawer for mobile `(repertoire.php, repertoire.css)`
## Pending
- [ ] #rep-student-touch Replace hover student popover with tap-to-open drawer for mobile `(repertoire.php, repertoire.css, repertoire-student-popover.js)`
- [ ] #rep-polish Polish: scroll-position memory on HTMX swap, animation tuning `(repertoire.css)` - [ ] #rep-polish Polish: scroll-position memory on HTMX swap, animation tuning `(repertoire.css)`
- [ ] #icon-color-verify Verify icon colors render correctly across all pages (header, admin tables, forms, dialogs, cleanup modal)
## Completed (before this session) ## Completed (before this session)
- [x] #gzip-nginx Enable gzip compression in nginx config `(nginx/xamxam.conf)` - [x] #gzip-nginx Enable gzip compression in nginx config `(nginx/xamxam.conf)`
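Review bot: #sec-cleanup-dead-code now sits above "## Pending" as done, but its text still reads "Remove dead App::verifyCsrf() or refactor action handlers to use it", which does not record which of the two outcomes was shipped. Reword the entry to state the result (removed, or handlers refactored to call it), because that decides whether POST handlers such as partage/retry-email.php carry their own CSRF check or rely on a shared one, and a later reader of this list cannot tell. The same hunk also adds repertoire-student-popover.js to the #rep-student-touch file list, a scope change the commit message does not mention; note it in the message or split it out.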