PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 08:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
5735ccbc3878c5acf841bf69d6cc015975ee1bc3
xamxam/app/templates/admin/recapitulatif.php
Pontoporeia 5735ccbc38 Fix issues with nginx access to pages 
- fix: 403 on /language-autre-fragment.php — add explicit nginx location block

  The nginx catch-all  blocked direct access
  to all PHP files except /index.php and files inside /admin/.

  language-autre-fragment.php lives at the public root and is POSTed to by
  HTMX from both the admin edit form and the partage form. Added an explicit
   fastcgi block so it is executed
  rather than denied.

- fix: replace .php-suffixed public URLs blocked by nginx catch-all

  Audit of all client-facing PHP URL references against nginx routing:

  - fetch('/request-access.php') in tfe.php -> '/request-access'
    (clean URL already routed by Dispatcher)
  - /media.php?path= in form.php (x2) and admin/recapitulatif.php -> /media?path=
    (nginx only has location = /media, no location for /media.php)

  All these .php-suffixed URLs hit the nginx catch-all
    location ~ \.php$ { deny all; }
  which takes precedence over location / { try_files ... } for regex matches.
2026-05-13 17:58:29 +02:00

147 lines
7.3 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<main id="main-content">
<?php if ($studentMode): ?>
<!-- ═══════════════════ STUDENT MODE: Thank you page ═══════════════════ -->
<div class="thanks-student-page">
<?php if ($error): ?>
<div class="thanks-error">
<h1>⚠ Oups…</h1>
<p><?= htmlspecialchars($error) ?></p>
<a href="/admin/add.php?mode=student" class="btn btn--primary btn--lg btn-new-form">← Retour au formulaire</a>
</div>
<?php elseif ($thesis): ?>
<div class="thanks-success">
<h1>Merci 🎉</h1>
<p class="thanks-message">
Ton TFE <strong><?= htmlspecialchars($thesis['title']) ?></strong> a bien été soumis.
</p>
<a href="/admin/add.php?mode=student" class="btn btn--primary btn--lg btn-new-form">+ Ajouter un nouveau TFE</a>
</div>
<?php else: ?>
<div class="thanks-error">
<h1>Erreur</h1>
<p>Aucune donnée à afficher.</p>
<a href="/admin/add.php?mode=student" class="btn btn--primary btn--lg btn-new-form">← Retour au formulaire</a>
</div>
<?php endif; ?>
</div>
<?php else: ?>
<!-- ═══════════════════ ADMIN MODE: Recap page ═══════════════════ -->
<h1>Récapitulatif TFE</h1>
<?php if ($error): ?>
<p class="toast" role="alert" data-type="error">⚠ <?= htmlspecialchars($error) ?></p>
<p><a href="/admin/add.php" class="btn btn--secondary">Retour au formulaire</a></p>
<?php elseif ($thesis): ?>
<section>
<h2>Informations de base</h2>
<dl>
<dt>Identifiant</dt><dd><?= htmlspecialchars($thesis['identifier']) ?></dd>
<dt>Titre</dt><dd><?= htmlspecialchars($thesis['title']) ?></dd>
<?php if ($thesis['subtitle']): ?>
<dt>Sous-titre</dt><dd><?= htmlspecialchars($thesis['subtitle']) ?></dd>
<?php endif; ?>
<dt>Auteur·ice(s)</dt><dd><?= htmlspecialchars($thesis['authors']) ?></dd>
<dt>Année</dt><dd><?= htmlspecialchars($thesis['year']) ?></dd>
</dl>
</section>
<section>
<h2>Détails académiques</h2>
<dl>
<dt>Orientation</dt><dd><?= htmlspecialchars($thesis['orientation'] ?? '') ?></dd>
<dt>Atelier pratique</dt><dd><?= htmlspecialchars($thesis['ap_program'] ?? '') ?></dd>
<dt>Finalité</dt><dd><?= htmlspecialchars($thesis['finality_type'] ?? '') ?></dd>
<?php if ($thesis['supervisors']): ?>
<dt>Promoteur·ice(s)</dt><dd><?= htmlspecialchars($thesis['supervisors']) ?></dd>
<?php endif; ?>
<?php if (!empty($thesis['jury_promoteurs_ulb'])): ?>
<dt>Promoteur·ice(s) ULB</dt><dd><?= htmlspecialchars($thesis['jury_promoteurs_ulb']) ?></dd>
<?php endif; ?>
<?php if (!empty($thesis['jury_lecteurs_internes'])): ?>
<dt>Lecteur·ices (interne)</dt><dd><?= htmlspecialchars($thesis['jury_lecteurs_internes']) ?></dd>
<?php endif; ?>
<?php if (!empty($thesis['jury_lecteurs_externes'])): ?>
<dt>Lecteur·ices (externe)</dt><dd><?= htmlspecialchars($thesis['jury_lecteurs_externes']) ?></dd>
<?php endif; ?>
</dl>
</section>
<section>
<h2>Contenu</h2>
<dl>
<?php if ($thesis['languages']): ?>
<dt>Langue(s)</dt><dd><?= htmlspecialchars($thesis['languages']) ?></dd>
<?php endif; ?>
<?php if ($thesis['formats']): ?>
<dt>Format(s)</dt><dd><?= htmlspecialchars($thesis['formats']) ?></dd>
<?php endif; ?>
<?php if ($thesis['keywords']): ?>
<dt>Mots-clés</dt><dd><?= htmlspecialchars($thesis['keywords']) ?></dd>
<?php endif; ?>
<?php if ($thesis['file_size_info']): ?>
<dt>Durée / Taille</dt><dd><?= htmlspecialchars($thesis['file_size_info']) ?></dd>
<?php endif; ?>
<?php if ($thesis['baiu_link']): ?>
<dt>Lien</dt><dd><a href="<?= htmlspecialchars($thesis['baiu_link']) ?>" target="_blank" rel="noopener"><?= htmlspecialchars($thesis['baiu_link']) ?></a></dd>
<?php endif; ?>
</dl>
</section>
<?php if (!empty($files)): ?>
<section>
<h2>Fichiers</h2>
<ul class="recap-file-list">
<?php foreach ($files as $f): ?>
<?php
$mime = $f['mime_type'] ?? '';
$isImage = str_starts_with($mime, 'image/');
$mediaUrl = '/media?path=' . urlencode($f['file_path']);
$fileName = htmlspecialchars($f['file_name'] ?? basename($f['file_path']));
$fileType = htmlspecialchars($f['file_type']);
?>
<li class="recap-file-item">
<?php if ($isImage): ?>
<a href="<?= $mediaUrl ?>" target="_blank" rel="noopener" class="recap-file-thumb-link">
<img src="<?= $mediaUrl ?>" alt="<?= $fileName ?>" class="recap-file-thumb" loading="lazy">
</a>
<?php else: ?>
<span class="recap-file-icon">
<?php
if ($mime === 'application/pdf') echo '📄';
elseif (str_starts_with($mime, 'video/')) echo '🎬';
elseif (str_starts_with($mime, 'audio/')) echo '🎵';
elseif (in_array($mime, ['application/zip','application/x-zip-compressed'])) echo '🗜️';
elseif (str_ends_with($f['file_name'] ?? '', '.vtt')) echo '💬';
else echo '📎';
?>
</span>
<?php endif; ?>
<div class="recap-file-meta">
<a href="<?= $mediaUrl ?>" target="_blank" rel="noopener" class="recap-file-name"><?= $fileName ?></a>
<span class="recap-file-type-badge"><?= $fileType ?></span>
<span class="recap-file-size"><?= formatFileSize($f['file_size']) ?></span>
<span class="recap-file-date"><?= date('d/m/Y H:i', strtotime($f['uploaded_at'])) ?></span>
</div>
</li>
<?php endforeach; ?>
</ul>
</section>
<?php endif; ?>
<div class="admin-action-bar">
<a href="/admin/edit.php?id=<?= $thesisId ?>" class="btn btn--primary">Modifier</a>
<a href="/admin/add.php" class="btn btn--secondary">Ajouter un autre TFE</a>
<a href="/admin/" class="btn btn--secondary">Retour à la liste</a>
</div>
<?php else: ?>
<p class="admin-muted">Aucune donnée à afficher.</p>
<p><a href="/admin/add.php" class="btn btn--secondary">Retour au formulaire</a></p>
<?php endif; ?>
<?php endif; ?>
</main>
Reference in New Issue View Git Blame Copy Permalink