PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
5f24dcae7eb26ea2572815efab9a4da3f9fa8b82
xamxam/app/public/admin/actions/formulaire.php
Pontoporeia 5f24dcae7e fix: duplicate warning not shown in admin, double-encoded in partage, no focus 
- toast-fragment.php: 204 early-exit now also checks flash['warning'];
  previously the warning was consumed by consumeFlash() then silently dropped
- partage/index.php: store warning as plain text; htmlspecialchars() applied
  once at render time — previously htmlspecialchars() was called inside the
  stored string then again at output, producing ' entities etc.
- partage/index.php: flash-warning div gets id + tabindex=-1; inline JS
  scrolls it into view and focuses it on DOMContentLoaded
- admin/footer.php: htmx:afterSettle listener focuses .toast--warning after
  HTMX injects the toast fragment into #toast-region
2026-05-05 11:04:52 +02:00

84 lines
2.8 KiB
PHP
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
// Bootstrap application
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', APP_ROOT . '/../error.log');
AdminAuth::requireLogin();
// Verify CSRF token
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
error_log(sprintf(
'CSRF token validation failed in formulaire.php - POST token: %s, SESSION token: %s',
$_POST['csrf_token'] ?? '(missing)',
$_SESSION['csrf_token'] ?? '(missing)'
));
die('Erreur de sécurité : token invalide. Veuillez recharger le formulaire.');
}
error_log('FILES array: ' . print_r($_FILES, true));
require_once APP_ROOT . '/src/Controllers/ThesisCreateController.php';
require_once APP_ROOT . '/src/AppLogger.php';
require_once APP_ROOT . '/src/DuplicateThesisException.php';
$logger = new AppLogger();
$authorName = $_POST['auteurice'] ?? 'unknown';
try {
$ctrl = ThesisCreateController::make();
$thesisId = $ctrl->submit($_POST, $_FILES);
$identifier = $ctrl->getIdentifier($thesisId);
$logger->logSubmission('admin', $thesisId, $identifier, $authorName);
unset($_SESSION['csrf_token']);
$redirect = '../recapitulatif.php?id=' . $thesisId;
header('Location: ' . $redirect);
exit();
} catch (DuplicateThesisException $e) {
$logger->logDuplicate('admin', $authorName, $e->existingThesisId, $e->existingIdentifier);
error_log('ThesisCreateController duplicate: ' . $e->getMessage());
// Build a warning with a clickable link to the existing thesis.
$existingUrl = htmlspecialchars('/admin/edit.php?id=' . $e->existingThesisId);
$existingRef = htmlspecialchars($e->existingIdentifier . ' - ' . $e->existingTitle . ' (' . $e->existingYear . ')');
$warningHtml = 'Doublon détecté : un TFE très similaire existe déjà.'
. '<br><a href="' . $existingUrl . '">' . $existingRef . '</a>'
. '<br>Vérifiez avant de soumettre à nouveau.';
App::flash('warning', $warningHtml);
$_SESSION['form_data'] = $_POST;
header('Location: ../add.php');
exit();
} catch (Exception $e) {
$logger->logError('admin', $e->getMessage(), [
'author' => $authorName,
'post_keys' => array_keys($_POST),
]);
error_log('ThesisCreateController error: ' . $e->getMessage());
App::flash('error', $e->getMessage());
$_SESSION['form_data'] = $_POST;
$redirect = '../add.php';
$autofocusField = ThesisCreateController::autofocusFieldForError($e->getMessage());
if ($autofocusField !== null) {
App::flashAutofocus($autofocusField);
}
header('Location: ' . $redirect);
exit();
}
Reference in New Issue View Git Blame Copy Permalink