mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 16:19:19 +02:00
6f7a02244f
Extract shared filepond logic into src/FilepondHandler.php class. Admin filepond endpoints delegate to the handler after AdminAuth check. New partage filepond endpoints at /partage/actions/filepond/ verify share_active session flag + CSRF token, no admin auth required. JS reads filepond-base meta tag to determine endpoint path: - Admin pages: /admin/actions/filepond (via head.php isAdmin check) - Partage form: /partage/actions/filepond (explicit meta) partage/index.php sets share_active = true on form render, cleans up on successful submit. Partage process endpoint rate-limited to 30/5min per session. No nginx changes needed — /partage/ location already handles PHP without auth_basic.
19 lines
689 B
PHP
19 lines
689 B
PHP
<?php
|
|
/**
|
|
* FilePond load endpoint — streams an existing thesis file back to FilePond (admin).
|
|
*
|
|
* GET /admin/actions/filepond/load.php?id={db_id}
|
|
*
|
|
* Used in edit mode to restore saved files into the FilePond UI.
|
|
*/
|
|
|
|
require_once __DIR__ . '/../../../../bootstrap.php';
|
|
require_once __DIR__ . '/../../../../src/AdminAuth.php';
|
|
require_once __DIR__ . '/../../../../src/FilepondHandler.php';
|
|
|
|
// ── Auth (admin only) ────────────────────────────────────────────────────
|
|
AdminAuth::requireLogin();
|
|
|
|
$handler = new FilepondHandler('[filepond:admin]');
|
|
$handler->handleLoad();
|