Root cause: SQLite uses BINARY collation, so WHERE name = ? is
case-sensitive. When changing 'john doe' to 'John Doe', the name
lookup failed and fell through to the email path which didn't update
the name. The previous fix only added UPDATE in the name-match branch.
Fixes in findOrCreateAuthor:
1. Accept optional $idHint parameter — when known (edit flow), update
directly by ID (fastest, zero ambiguity)
2. Add COLLATE NOCASE to the name lookup (fallback path)
3. Add UPDATE in the email fallback path too
setThesisAuthors now fetches existing author_ids before deletion and
passes them as position-based hints, so identity is always preserved.
- Fix#1: Add is_published to getThesisRawFields() SELECT so the publish
checkbox stays checked when editing an already-published TFE.
- Fix#2: Rename 'Note contextuelle' → 'Note contextuelle relative à
soutenance' in all templates and StudentEmail.
- Fix#3: Update findOrCreateAuthor to also UPDATE the author name when
a record is found by name (fixes inability to capitalise names).
- Fix #4/#5: Decouple contact_interne (private author email) from
contact_visible (public contact on TFE page). Add migration 037 to
add contact_visible TEXT column to theses table and rebuild
v_theses_full view. Update all controllers, templates, and DB methods
to treat them independently.
- Fix#6: Investigated libre→interne restriction — no code barrier
found; likely resolved by is_published fix.
- Identifiant: mise à jour automatique quand l'année change en back-office (updateThesis + ThesisEditController)
- Contact: hint enrichi (1 seul contact, formatage Instagram/Mastodon)
- Fichiers: TFE rendu optionnel pour Site web/Performance/Installation (note d'intention reste obligatoire)
Base.css applies word-break: break-word to all elements inside <main>,
causing mid-word breaks in narrow columns. Override in repertoire.css:
- hyphens: none, word-break: normal, overflow-wrap: normal on all h2
- redistribute grid fractions: shrink Orientations (1.2→0.9fr),
Étudiantes (1→0.8fr), boost Finalité (0.7→0.9fr, min 7rem)
- Ajout de PeerTubeService::deleteVideo() qui appelle DELETE /api/v1/videos/{uuid}
- deleteThesisFileToTrash() appelle maintenant deleteVideo() pour les fichiers peertube_ids:
- hardDeleteThesis() supprime aussi les vidéos PeerTube associées
- Contacts: on peut laisser vide le nom OU le rôle (plus besoin des deux)
- Sidebar: les liens « site de l'erg » et « code source » sont éditables depuis /admin/contenus-edit.php?slug=about
- Admin: les champs Nom/Email/Lien des contacts s'affichent en grille 3 colonnes
- Admin: icône corbeille (admin-icon-btn--delete) pour supprimer un contact, avec réindexation automatique
- Database::getAproposContent() gère maintenant les valeurs string (URLs) en plus des arrays
- Database::saveAproposContent() accepte array|string
The 'Activer la restriction d'accès' checkbox in /admin/acces.php used
htmx to POST to settings.php but the #fieldset-restrictions container
was missing a csrf_token hidden input. This caused two bugs:
1. 'Erreur de sécurité, token invalide' error
2. Full /admin/parametres.php HTML injected into #restrictions-response
(due to HTMX following the 302 redirect on CSRF failure)
- Add csv_import queue type (storeAsFile, no async upload) for CSV import dialog
- Convert file-field.php partial to FilePond with field-name→queue-type mapping
- Conditionally skip server config for storeAsFile queues in buildFilePondOptions
- Skip FilePond init for inputs inside closed <dialog> elements
- Trigger FilePond init when import dialog opens
- Load FilePond CSS/JS assets on admin index page
Two rows (Néerlandais id=5, néerlandais id=3) collided when lowercased,
violating the UNIQUE constraint on languages.name.
Added DELETE to keep the lowest-ID row per LOWER(name) group before
the UPDATE SET name = LOWER(name).
- account.php: replace !== CSRF token check with hash_equals
- ShareLink::setPassword(): also encrypt and store plain-text password
alongside the hash, matching create() behavior so the decrypted_password
decoration stays correct after password updates
- Remove 'Mots-clés' button from toolbar (redundant with admin sidebar tags)
- Replace export dialog with 'Exporter CSV' + 'Exporter fichiers' buttons in bulk selection bar
- Export dispatcher now accepts ?ids=1,2,3 for per-selection export
- All ExportController/Database methods accept optional thesisIds array
- Graceful error message when ZipArchive extension is missing on server
- Move DB export (SQLite download) to paramètres → Maintenance section
- Sticky table column headers (position: sticky, top: 0, z-index: 5) for index page table
- After relink, always close the modal (even if FilePond input not found,
e.g. page refreshed by live-reload during the fetch).
- After closing, re-fetch #format-fichiers-block via HTMX from
/admin/fragments/fichiers.php?_thesis_id=N which loads thesis files
from DB and re-renders the fragment with pre-populated FilePond pools.
The afterSwap handler auto-reinitializes FilePond instances.
- Updated admin/fragments/fichiers.php to accept _thesis_id, load
existing files from DB, build per-queue-type JSON, and render in
edit mode.
- Fix addFile argument format: FilePond.addFile() takes (source, options)
as two separate arguments, not a single {source, options} object.
- Change .filepond--file default border from accent-yellow to accent-green.
Existing files loaded in edit mode have type 'local' and never reach
processing-complete state, so they got the yellow border.
- Change relinked file add from type 'local' to 'limbo'. Limbo items
go through DID_COMPLETE_ITEM_PROCESSING which triggers onprocessfile
(ensures syncOrderInput runs with serverId available) and renders
the green checkmark visual.
- Await addFile Promise and close modal in .then() instead of
immediately, ensuring the item is created before cleanup.
- Remove duplicate modal.close() after the addFile block.
1. note_intention: Delete old file only when a genuinely new upload arrives
(32-char hex file_id), not when the FilePond pool preserves an existing
file by sending its DB integer ID. Previously the DB integer ID
triggered $hasNewNote=true, which deleted the existing note_intention
from disk+DB, then handleFilePondSingleFile couldn't re-process it
because the regex requires a hex pattern. Same fix applied to cover.
2. All file deletions now use deleteThesisFileToTrash() which renames
files to tmp/_trash/ instead of unlinking. The trash preserves
original filenames prefixed with DB id for traceability. Skips
website URLs and PeerTube refs (no disk file).
3. Storage prefix changed from theses/ to documents/ to reflect that
the folder holds all document types (determined by file_type in DB).
MediaController visibility gate supports both prefixes for backward
compat with existing files.
4. File browser + relink feature for orphaned files:
- /admin/fragments/file-browser.php — HTMX tree browser for
storage/documents/ and storage/theses/
- /admin/actions/filepond/relink.php — POST endpoint that inserts
a thesis_files row pointing to existing on-disk file
- Per-pool "📂 Relier" buttons (edit mode only)
- JS: XamxamOpenFileBrowser / XamxamRelinkFile with FilePond integration
- CSS: .relink-modal dialog + .file-browser tree styles
Extract shared filepond logic into src/FilepondHandler.php class.
Admin filepond endpoints delegate to the handler after AdminAuth check.
New partage filepond endpoints at /partage/actions/filepond/ verify
share_active session flag + CSRF token, no admin auth required.
JS reads filepond-base meta tag to determine endpoint path:
- Admin pages: /admin/actions/filepond (via head.php isAdmin check)
- Partage form: /partage/actions/filepond (explicit meta)
partage/index.php sets share_active = true on form render, cleans up on
successful submit. Partage process endpoint rate-limited to 30/5min per
session. No nginx changes needed — /partage/ location already handles
PHP without auth_basic.
