PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-07 03:29:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
43 Commits 1 Branch 0 Tags
f5d3281c43019f372aab1849ea13ded6b3c9c226
Commit Graph

7 Commits

Author SHA1 Message Date
Théophile Gervreau-Mercier
f5d3281c43 security: fix all LOW priority items from TODO.SECURITY.md 
Item 13 — Remove deprecated X-XSS-Protection header
- nginx/posterg.conf: header removed (was '1; mode=block')
- nginx/SECURITY_HEADERS.md: new file documenting header decisions
  and explaining why X-XSS-Protection is counterproductive

Item 14 — Add rel="noreferrer" to external target="_blank" link
- public/admin/thanks.php: rel="noopener" → rel="noopener noreferrer"

Item 15 — Explicit (int) casts on all integer HTML outputs
- public/index.php: (int) on item id, page numbers
- public/search.php: (int) on totalItems, year options, item id, pagination

Item 16 — Remove unused DATABASE_PATH constant
- config/bootstrap.php: define('DATABASE_PATH', ...) removed

docs/TODO.SECURITY.md updated: items 13-16 marked resolved and
moved to the  Resolved section.
 2026-02-08 13:54:02 +01:00
Théophile Gervreau-Mercier
4bbbc58e24 Fix admin CSS not loading and quirks mode issues 
Fixed multiple issues in admin panel:

1. CSS path: modern-normalize.css → modern-normalize.min.css
   (File is actually named .min.css)

2. Icon path: assets/icon.svg → /assets/admin_favicon.svg
   (Was relative, now absolute; correct filename)

3. Navigation: /admin/list.php → /admin/
   (list.php was renamed to index.php)

4. Short PHP tags: <? → <?php
   (Better compatibility, some servers don't enable short_open_tag)

5. Quirks mode warning was due to CSS not loading, not DOCTYPE
   (DOCTYPE was already present)

Files modified:
- public/admin/inc/head.php (main fixes)
- public/admin/index.php (short tags)
- public/admin/add.php (short tags)
- public/admin/import.php (short tags)

Need to redeploy for production: just deploy
 2026-02-06 13:26:24 +01:00
Pontoporeia
3ee32e17fa update du projet, xml collection enlevé et méthode fait maison ajouter 2023-05-12 09:38:08 +02:00
Pontoporeia
50d51d4d04 changement des pages dans custom en xml 2022-12-14 18:07:05 +01:00
Pontoporeia
63de7d525f changement des pages de base et test sur le css 2022-12-14 15:08:53 +01:00
Pontoporeia
76fc408a9a changment de nom 2022-12-14 14:55:44 +01:00
Pontoporeia
ba6ee35e31 push initial du projet par Stéphane 2022-12-10 14:32:31 +01:00