mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 16:19:19 +02:00
Added EmailObfuscator class (src/EmailObfuscator.php) that converts email addresses to HTML decimal entities (e.g. foo@...) so browsers render them correctly but bots and scrapers see gibberish.

Methods:
- email($addr): obfuscate for display in HTML content
- mailto($addr): return obfuscated mailto: href
- obfuscateHtml($html): post-process rendered HTML to obfuscate all mailto: links (used after Parsedown/Markdown rendering)

Applied to:
- partage/index.php: mailto link at top + error scenarios via _flash_contact flag rendered in form.php (outside htmlspecialchars to avoid double-escape)
- admin/acces.php: request email mailto links
- admin/file-access.php: request email mailto links
- public/about.php: contact email mailto links
- public/tfe.php: author contact mailto links
- AboutController: Parsedown output post-processing
- LicenceController: Parsedown output post-processing
- Dispatcher::render(): require_once EmailObfuscator for all public views

Also fixed _flash_contact session flag in form.php partial to show contact email line on share link validation errors (separate from flash_error/warning to bypass htmlspecialchars double-escaping).
30 lines
2.4 KiB
Markdown
# TODO
- [x] Fix language-search-fragment: use searchLanguages() like tag fragment, remove broken predefined exclusion logic
- [x] Both fragments now follow identical patterns
- [x] Fix "Créer" button not appearing on language search: both language and tag inputs used name="q" in the same form, causing HTMX to submit the wrong (empty) value — renamed to unique names (language_search_q / tag_search_q)
- [x] Exclude Français, Anglais, Néerlandais from language-search suggestions (handled by the checkbox list)
- [x] Refactor file upload naming convention
- [x] Create shared ThesisFileHandler trait (src/Controllers/ThesisFileHandler.php)
- [x] New pattern: theses/{YYYY}/{YYYY}_{AUTHORS}_{TITLE_SLUG}/
- [x] COUVERTURE: single cover image in thesis folder (covers/ directory deprecated)
- [x] NOTE_INTENTION: single PDF in thesis folder
- [x] TFE_{XX}: main files, contiguous numbering 01+, hierarchy PDF > video > audio > subtitles > images > other
- [x] Subtitles (VTT) placed immediately after their associated video in TFE sequence
- [x] ANNEXE_{XX}: annex files, separate numbering 01+
- [x] Two-digit zero-padded numbering (sprintf('%02d', ...))
- [x] Update ThesisCreateController.php: use trait, new file handling
- [x] Update ThesisEditController.php: use trait, new file handling
- [x] Remove duplicate methods (generateAuthorSlug, sanitizeFilename, etc.) from both controllers
- [x] Update Database.php: deprecate handleCoverUpload, remove banner_path from queries
- [x] Update SystemController.php: remove banners/ stats
- [x] Update schema.sql: remove banner_path column and view field
- [x] Create migration 027_drop_banner_path.sql
- [x] Update PureLogicTest.php: adapt detectFileType call signature
- [x] All pure logic tests pass
- [x] Fix license validation: only require license for non-admin when access_type_id=1 (Libre), not for Interne (2) or Interdit (3) — fixes share link submissions failing with "Veuillez sélectionner une licence"
- [x] Add xamxam@erg.be mailto link at top of student (partage) form
- [x] On validation error, append "envoyez un e-mail à xamxam@erg.be" to flash error message
- [x] Preserve uploaded file names across validation redirects: store in session, display as warning on re-render so the student knows which files to re-select
- [x] Obfuscate all email addresses and mailto: links as HTML decimal entities site-wide (EmailObfuscator class, applied in templates + Parsedown post-processing)
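
The decimal-entity approach from the last item, sketched as an added example (this is not the code in src/EmailObfuscator.php). It shows why the output must not pass through htmlspecialchars again and how little the encoding resists an HTML-aware scraper. The function names and sample address are hypothetical; PHP 8 with mbstring is assumed.

```php
<?php
declare(strict_types=1);

// Added illustration only: NOT the project's EmailObfuscator class.
// Function names and the sample address below are hypothetical.

/** Encode every code point of $text as an HTML decimal entity (&#NNN;). */
function entity_encode(string $text): string
{
    $out = '';
    // Split on code points so non-ASCII characters get one entity each.
    foreach (preg_split('//u', $text, -1, PREG_SPLIT_NO_EMPTY) ?: [] as $ch) {
        $out .= '&#' . mb_ord($ch, 'UTF-8') . ';';
    }
    return $out;
}

/** Rewrite mailto: links in already-rendered HTML (e.g. Markdown output). */
function obfuscate_mailto_links(string $html): string
{
    // Simplification: only matches anchors whose first attribute is href.
    $pattern = '~<a\s+href="mailto:([^"<>\s]+)"([^>]*)>(.*?)</a>~is';
    return preg_replace_callback($pattern, static function (array $m): string {
        $addr = html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        // Encode the visible text too when it merely repeats the address.
        $label = trim(strip_tags($m[3])) === $addr ? entity_encode($addr) : $m[3];
        return '<a href="' . entity_encode('mailto:' . $addr) . '"' . $m[2] . '>'
            . $label . '</a>';
    }, $html) ?? $html;
}

$addr = 'contact@example.org'; // constructed sample address
$html = '<p>Write to <a href="mailto:' . $addr . '">' . $addr . '</a>.</p>';
$out  = obfuscate_mailto_links($html);

// The plain address must no longer appear in the served markup.
if (str_contains($out, $addr)) {
    throw new RuntimeException('address still present in clear');
}
// Escaping the result a second time turns "&#99;" into "&amp;#99;",
// which browsers display literally: the double-escape problem.
if (!str_contains(htmlspecialchars($out), '&amp;#')) {
    throw new RuntimeException('expected double-escaped entities');
}
// One decode call restores the address for any HTML-aware client.
$decoded = html_entity_decode($out, ENT_QUOTES | ENT_HTML5, 'UTF-8');
if (!str_contains($decoded, $addr)) {
    throw new RuntimeException('entities did not round-trip');
}
echo $out, PHP_EOL;
```

Because a single `html_entity_decode` call recovers the address, entity encoding deters only scrapers that pattern-match raw page source; it is not a control against harvesters that parse the HTML.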