cleanup: remove _write guard — FilePond external API doesn't expose _write

ro=['fire','_read','_write'] is an exclusion list in Ee(), not an inclusion list. The external pond object has none of these. The only safe interception point is inside the closure (vendor patch), but the root-cause fix (fileValidateSizeFilter .filename → .name) already prevents the crash.
2026-06-25 16:19:19 +02:00 · 2026-06-09 23:35:53 +02:00
parent 6d93199fa2
commit fb752f5ba2
8 changed files with 34 additions and 6 deletions
--- a/app/public/assets/js/app/file-upload-filepond.js
+++ b/app/public/assets/js/app/file-upload-filepond.js
@@ -142,6 +142,7 @@
 	 * Get extension from filename (lowercase).
 	 */
 	function getExt(name) {
+		if (!name) return "";
 		var m = name.match(/\.([^./]+)$/);
 		return m ? m[1].toLowerCase() : "";
 	}
@@ -253,10 +254,11 @@
 				onload: (response) => {
 					var id = response.trim();
 					// Guard: if the server returned an error message disguised as 200,
-					// treat it as a processing error so FilePond doesn't treat it as a serverId.
+					// return a distinguishable error marker instead of a valid serverId.
+					// Throwing here crashes FilePond internally (no try/catch in the wrapper).
 					if (id.length > 64 || /[<>\n\r]/.test(id)) {
 						console.error("[filepond] process onload | unexpected response | body=" + id.substring(0, 200));
-						throw new Error("Réponse serveur inattendue.");
+						return "__error__" + id.substring(0, 32);
 					}
 					console.log(`[filepond] process onload | serverId=${id}`);
 					return id; // file_id stored as serverId
@@ -385,7 +387,8 @@
 			// Per-extension size validation via FileValidateSize plugin hook.
 			// Falls back to beforeAddFile for silent rejection (the plugin shows the error).
 			fileValidateSizeFilter: (item) => {
-				var ext = getExt(item.filename);
+				// item may be a raw File/Blob (.name) or a FilePond item wrapper (.filename)
+				var ext = getExt(item.filename || item.name);
 				if (ext && perExtMax[ext]) {
 					return parseSize(perExtMax[ext]); // per-extension cap for this item
 				}
--- a/app/public/partage/index.php
+++ b/app/public/partage/index.php
@@ -22,6 +22,19 @@ $parts = explode('/', $path);
 $slug  = $parts[0] ?? '';
 $action = $parts[1] ?? '';

+// Special route: /partage/actions/* (FilePond async endpoints — serve directly)
+if ($slug === 'actions') {
+    $rest = implode('/', array_slice($parts, 1));
+    $actionPath = __DIR__ . '/actions/' . $rest;
+    if (file_exists($actionPath)) {
+        require_once $actionPath;
+    } else {
+        http_response_code(404);
+        exit;
+    }
+    exit;
+}
+
 // Special route: /partage/fragments/* (HTMX fragments under fragments/ subdirectory)
 if ($slug === 'fragments' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    App::boot();