xamxam/app/public/admin/actions/apropos.php

<?php
/**
 * Save handler for apropos contents (contacts, credits).
 * Structure: groups[] with label/role, each having entries[] of {text, url, email}.
 */
require_once __DIR__ . "/../../../bootstrap.php";
require_once __DIR__ . '/../../../src/AdminAuth.php';
AdminAuth::requireLogin();

// CSRF check
if (!isset($_POST['csrf_token']) || !isset($_SESSION['csrf_token']) ||
    !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
    die("Erreur de sécurité : token invalide.");
}

$allowedKeys = ['contacts', 'credits'];
$aproposKey  = $_POST['apropos_key'] ?? '';
if (!in_array($aproposKey, $allowedKeys)) {
    die("Clé invalide.");
}

require_once __DIR__ . '/../../../src/Database.php';

try {
    $db = new Database();
    $groups = $_POST['groups'] ?? [];
    $cleaned = [];

    foreach ($groups as $group) {
        if ($aproposKey === 'credits') {
            $label = trim($group['label'] ?? '');
            if ($label === '') continue;
            $entries = [];
            foreach ($group['entries'] ?? [] as $entry) {
                $text = trim($entry['text'] ?? '');
                if ($text === '') continue;
                $e = ['text' => $text];
                $url = trim($entry['url'] ?? '');
                if ($url !== '') $e['url'] = $url;
                $entries[] = $e;
            }
            if (empty($entries)) continue;
            $cleaned[] = ['label' => $label, 'entries' => $entries];
        } else { // contacts
            $role = trim($group['role'] ?? '');
            if ($role === '') continue;
            $entries = [];
            foreach ($group['entries'] ?? [] as $entry) {
                $text = trim($entry['text'] ?? '');
                if ($text === '') continue;
                $e = [
                    'text'  => $text,
                    'email' => trim($entry['email'] ?? ''),
                ];
                $url = trim($entry['url'] ?? '');
                if ($url !== '') $e['url'] = $url;
                $entries[] = $e;
            }
            if (empty($entries)) continue;
            $cleaned[] = ['role' => $role, 'entries' => $entries];
        }
    }

    if (empty($cleaned)) {
        die("Au moins un groupe avec des entrées est requis.");
    }

    $db->saveAproposContent($aproposKey, $cleaned);
    App::flash('success', "Contenu « $aproposKey » mis à jour avec succès.");
} catch (Exception $e) {
    error_log("Apropos save error: " . $e->getMessage());
    die("Erreur lors de la sauvegarde : " . htmlspecialchars($e->getMessage()));
}

header('Location: /admin/contenus.php');
exit;