- Edit mode now uses the same fichiers-fragment.php as add and partage,
instead of duplicating the format checkboxes + new-file upload + website
URL fieldsets.
- Edit-only elements (existing files list, cover replace) stay in
a separate #edit-existing-files-block below the shared fragment.
- Removed .zip/.tar/.gz from the main TFE upload accept in both
fichiers-fragment.php and fieldset-files.php. Archives go only
in the Annexes file input.
- Removed admin/format-website-fragment.php dependency from edit
(no longer needed — the shared fragment handles website too).
fix: jury repop crash + hx-preserve on file inputs, remove zip/tar from tfe accept
- Jury fieldset add-mode repopulation now handles both scalar (legacy)
and array (new dynamic multi-row) values for jury_promoteur and
jury_promoteur_ulb_name. htmlspecialchars() was choking on array value.
- All file inputs in fichiers-fragment.php wrapped in hx-preserve
containers so HTMX swaps don't wipe user-selected files when toggling
formats or the annexes checkbox.
- Removed .zip/.tar/.gz from main TFE file accept — archives only via
annexes input (which already had multiple + correct accept).
- Edit mode now reuses the same fichiers-fragment.php fragment.
fix: file inputs re-initialize after HTMX swap via inline script
- Exposed window.XamxamInitFileUploads from file-upload-queue.js IIFE
so HTMX fragments can trigger re-binding without a global listener.
- fichiers-fragment.php emits <script>XamxamInitFileUploads()</script>
at the end of the #format-fichiers-block fragment.
- Removed hx-preserve wrappers — they prevented re-render after
format/annexes toggles changed visible inputs.
- This also fixes .zip removal from TFE accept and jury repopulation
array crash from the previous commit.
refactor: simplify file-upload-queue.js, remove file-preview.js
- file-upload-queue.js rewritten from ~250 lines to ~120 lines:
no more DataTransfer machinery, no IIFE wrapper, uses .onchange
instead of addEventListener for simpler HTMX re-init.
- window.XamxamInitFileUploads is the function itself (not an IIFE export).
- Merged file-preview.js functionality into file-upload-queue.js
(single-file .data-preview handling). Deleted file-preview.js.
- fichiers-fragment.php inline script calls XamxamInitFileUploads()
after every HTMX swap (same as before).
debug: add console.log to file-upload-queue.js for file input behavior
Adds logging at key points to diagnose why only one file is displayed:
- XamxamInitFileUploads called
- TFE queue picker init (id, multiple attribute state)
- onchange event (files count, names)
- fileArray post-concat length
- Single-file preview bindings (id, multiple attribute)
Remove after debug session.
Requirements:
- parametres.php toggle: 'restricted_files_enabled' enables/disables the feature
- Public TFE page: when enabled + access_type=Interne, hides files, shows French
restriction message + access request form (metadata/synopsis still visible)
- ERG emails (@erg.school / @erg.be): auto-approve, send 24h access link immediately
- External emails: show justification textarea, create pending request, notify admin
- Admin panel /admin/file-access.php: approve/reject requests with optional notes,
sends access email on approval (linked from admin nav with pending count badge)
Security:
- One-time 24h email tokens (used_at + is_valid=0 on first click)
- Token redeemed via POST /validate-access (GET shows confirmation page only)
- Long-lived 30-day browser session in file_access_sessions table
- Cookie: HttpOnly + Secure + SameSite=Strict
- CSRF on all mutations, rate limiting on request submission
- Audit trail: IP, UA, event, timestamp in file_access_audit
Bug fixes:
- admin/file-access.php: $vars never extract()ed → page was blank
- Template had self-contained head/footer includes (double-include)
- Admin approval URL used $requestId instead of $request['thesis_id']
- App::boot() now starts session so CSRF token works on public pages
- Dispatcher routes /validate-access and /request-access through front controller
