xamxam/TODO.md
Pontoporeia 5735ccbc38 Fix issues with nginx access to pages
- fix: 403 on /language-autre-fragment.php — add explicit nginx location block

  The nginx catch-all  blocked direct access
  to all PHP files except /index.php and files inside /admin/.

  language-autre-fragment.php lives at the public root and is POSTed to by
  HTMX from both the admin edit form and the partage form. Added an explicit
   fastcgi block so it is executed
  rather than denied.

- fix: replace .php-suffixed public URLs blocked by nginx catch-all

  Audit of all client-facing PHP URL references against nginx routing:

  - fetch('/request-access.php') in tfe.php -> '/request-access'
    (clean URL already routed by Dispatcher)
  - /media.php?path= in form.php (x2) and admin/recapitulatif.php -> /media?path=
    (nginx only has location = /media, no location for /media.php)

  All these .php-suffixed URLs hit the nginx catch-all
    location ~ \.php$ { deny all; }
  which takes precedence over location / { try_files ... } for regex matches.
2026-05-13 17:58:29 +02:00


XAMXAM TODO

Completed

  • TDD analysis + new test suites

    • Bug fixed: SearchController::handleSearch(): $coverMap undefined variable + never populated for search results
    • ShareLinkTest (13 tests) — generateSlug, all validateLink branches, verifyPassword, incrementUsage, objet_restriction
    • PureLogicTest (31 tests) — TfeController helpers (meta, OG image, jury split, captions), ThesisCreateController helpers (autofocus, detectFileType, authorSlug), ThesisEditController::buildFileSizeInfo, ExportController CSV column consistency, SearchController coverMap regression
    • Private helpers promoted to protected in TfeController, ThesisCreateController, ThesisEditController to enable subclass-based testing without reflection
  • Form save audit + TDD

    • createThesis() missing duration_pages/duration_minutes columns — fixed
    • ThesisCreateController not passing raw page/minute values to createThesis() — fixed (durationPages, durationMinutes extracted and passed)
    • FormSaveTest.php — 14 red-green tests covering create+edit round-trips for all fields
  • Language form improvements

    • Add Néerlandais as default language option (schema + migration 017)
    • language_autre conditionally required via HTMX fragment (replaced custom JS)
    • language_autre saved via getOrCreateLanguage() in both create and edit controllers
    • formData['languages'] wired in edit.php so checkboxes are pre-checked
    • duration_pages/duration_minutes saved in updateThesis() and read back in getThesisRawFields()
    • beforeunload-guard applied to add and partage forms too
  • Audit + fix direct PHP URL references blocked by nginx catch-all deny all

    • /request-access.php fetch in tfe.php -> /request-access
    • /media.php?path= in form.php (×2) and admin/recapitulatif.php -> /media?path=
  • Fix 403 on /language-autre-fragment.php from edit.php

    • Root cause: standalone root-level PHP file blocked by nginx catch-all deny all
    • Moved logic to partage/language-autre-fragment.php (shared include)
    • Added route /partage/language-autre-fragment in partage/index.php
    • Added admin/language-autre-fragment.php (AdminAuth gated, includes shared logic)
    • form.php picks URL based on $mode (partage vs admin)
    • Deleted public/language-autre-fragment.php; nginx unchanged
  • Merge banner images into cover images

    • Migration 016: copy storage/banners/* -> storage/covers/, insert thesis_files cover records, clear banner_path, remove banners dir
    • Remove banner fieldset from edit form (form.php)
    • Remove banner fieldset from student submission form (fieldset-files.php: rename to couverture)
    • Update ThesisEditController::save() — remove banner upload/removal logic
    • Update ThesisCreateController::submit() — remove handleBannerUpload call
    • Update Database::handleCoverUpload() — add webp support, raise limit to 20 MB
    • Remove Database::setBannerPath(), handleBannerUpload(), getThesisBannerPath()
    • Update Database::deleteThesis() / bulkDeleteTheses() — remove banner file cleanup
    • HomeController: batch-load covers for all items, remove banner_path fallback
    • SearchController::handleSearch(): batch-load covers, pass $coverMap to view
    • SearchController::handleStudentPreview(): load covers, pass $coverMap to partial
    • TfeController::resolveOgImage(): use cover file_type instead of banner_path
    • home.php: use only $coverMap (no banner_path fallback)
    • search.php: show cover thumbnail on result cards
    • student-preview.php: use $coverMap instead of banner_path
    • Migration applied and file moved to applied/
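
The URL audit described above (client-facing URLs checked against nginx routing) can be automated by modelling nginx's location selection order. This is an added example, not code from the XAMXAM repository: the location table is constructed from the commit message, and the `/admin/` regex and the action names are assumptions.

```python
import re

# Constructed location table modelled on the routing the commit message describes.
# Tuples are (modifier, pattern, action). The /admin/ regex and the action labels
# are assumptions; the project's real nginx config is not shown on the page.
LOCATIONS = [
    ("=", "/index.php", "fastcgi"),
    ("=", "/media", "fastcgi"),
    ("~", r"^/admin/.+\.php$", "fastcgi"),
    ("~", r"\.php$", "deny"),          # the catch-all: location ~ \.php$ { deny all; }
    ("", "/", "try_files"),
]

def select_location(path, locations=LOCATIONS):
    """Return the location nginx would pick for a URI path (query string removed)."""
    # 1. An exact (=) match wins immediately.
    for loc in locations:
        if loc[0] == "=" and loc[1] == path:
            return loc
    # 2. Remember the longest matching prefix; ^~ on it skips the regex pass.
    best = None
    for loc in locations:
        if loc[0] in ("", "^~") and path.startswith(loc[1]):
            if best is None or len(loc[1]) > len(best[1]):
                best = loc
    if best and best[0] == "^~":
        return best
    # 3. Regex locations are tried in config order; the first match beats any prefix.
    for loc in locations:
        if loc[0] in ("~", "~*") and re.search(loc[1], path, re.I if loc[0] == "~*" else 0):
            return loc
    # 4. Otherwise fall back to the remembered prefix (None means no location matched).
    return best

def audit(urls, locations=LOCATIONS):
    """Return the URLs that would be denied (or matched by nothing)."""
    blocked = []
    for url in urls:
        loc = select_location(url.split("?", 1)[0], locations)
        if loc is None or loc[2] == "deny":
            blocked.append(url)
    return blocked

# URLs named in the commit message and TODO, before and after the fix.
BEFORE = ["/request-access.php", "/media.php?path=", "/language-autre-fragment.php"]
AFTER = ["/request-access", "/media?path=", "/partage/language-autre-fragment",
         "/admin/language-autre-fragment.php"]

if __name__ == "__main__":
    for u in BEFORE + AFTER:
        print(u, "->", select_location(u.split("?", 1)[0])[2])
```

Feeding `audit()` every URL string found in templates and JavaScript turns the manual audit into a regression check that can run alongside the existing test suites.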