Théophile Gervreau-Mercier
|
4bbbc58e24
|
Fix admin CSS not loading and quirks mode issues
Fixed multiple issues in admin panel:
1. CSS path: modern-normalize.css → modern-normalize.min.css
(File is actually named .min.css)
2. Icon path: assets/icon.svg → /assets/admin_favicon.svg
(Was relative, now absolute; correct filename)
3. Navigation: /admin/list.php → /admin/
(list.php was renamed to index.php)
4. Short PHP tags: <? → <?php
(Better compatibility, some servers don't enable short_open_tag)
5. Quirks mode warning was due to CSS not loading, not DOCTYPE
(DOCTYPE was already present)
Files modified:
- public/admin/inc/head.php (main fixes)
- public/admin/index.php (short tags)
- public/admin/add.php (short tags)
- public/admin/import.php (short tags)
Need to redeploy for production: just deploy
|
2026-02-06 13:26:24 +01:00 |
|
Théophile Gervreau-Mercier
|
467aced734
|
Restructure repository and implement secure search feature
Phase 1: Consolidate shared infrastructure
- Create shared/ directory for common code
- Consolidate Database.php from front-backend and formulaire into unified shared/Database.php
- Smart path detection for test.db vs posterg.db
- Secure search with wildcard escaping and input validation
- Support both singleton and direct instantiation patterns
- Full CRUD methods for admin functionality
- Move RateLimit.php to shared/ (30 requests/min)
- Update all require paths across apps to use shared/
Phase 2: Reorganize directory structure
- Rename front-backend/ → apps/public/
- Rename formulaire/ → apps/admin/
- Rename db/ → database/
- Update all file paths for new structure
- Create root .gitignore excluding databases, cache, logs
Implement secure search feature
- Add apps/public/search.php with full-text search across theses
- Search filters: query, year, orientation, AP program, keywords
- Security features:
- SQL injection prevention (prepared statements)
- Wildcard injection prevention (escape % and _)
- Input validation (max 200 chars, year range 1900-2100)
- Rate limiting (30 req/min per IP)
- Pagination limited to 100 results/page
- XSS protection (htmlspecialchars on output)
Add comprehensive test suite
- Create apps/public/tests/ with proper structure
- tests/Integration/SearchTest.php - 12 search scenarios
- tests/Security/SecurityTest.php - vulnerability testing
- tests/Unit/RateLimitTest.php - rate limit behavior
- Create database/fixtures/CreateTestDatabase.php
- Add apps/public/run-tests.php test runner
- All tests passing (4/4 suites)
Update deployment configuration
- Rename justfile 'sync' recipe to 'deploy'
- Create deploy group with separate deploy-public and deploy-admin
- Add test-deploy recipe for test database
- Exclude *.db, tests/, cache/, *.md from production deploy
- Deploy shared/ to both public and admin locations
Stats: +4482 insertions, -654 deletions across 72 files
|
2026-02-02 18:53:58 +01:00 |
|