mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 16:19:19 +02:00
e0c748d8e7
- Hardcode source code URL and credits in about template, remove from DB/admin interface; only contacts remains editable - Merge apropos editables into one À propos section, remove charte, add editable source code URL
42 lines
1.3 KiB
PHP
42 lines
1.3 KiB
PHP
<?php
|
|
/**
|
|
* Save handler for static page content (Markdown).
|
|
*/
|
|
require_once __DIR__ . '/../../../bootstrap.php';
|
|
require_once __DIR__ . '/../../../src/AdminAuth.php';
|
|
AdminAuth::requireLogin();
|
|
|
|
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|
|
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
|
|
App::flash('error', 'Erreur de sécurité : token invalide.');
|
|
header('Location: /admin/contenus.php');
|
|
exit;
|
|
}
|
|
|
|
$allowedSlugs = ['about', 'licenses'];
|
|
$slug = $_POST['slug'] ?? '';
|
|
$content = $_POST['content'] ?? '';
|
|
|
|
if (!in_array($slug, $allowedSlugs, true)) {
|
|
App::flash('error', 'Slug de page invalide.');
|
|
header('Location: /admin/contenus.php');
|
|
exit;
|
|
}
|
|
|
|
require_once APP_ROOT . '/src/Database.php';
|
|
require_once APP_ROOT . '/src/AdminLogger.php';
|
|
$db = new Database();
|
|
|
|
try {
|
|
$db->savePage($slug, $content);
|
|
AdminLogger::make()->logPageEdit($slug);
|
|
App::flash('success', 'Page « ' . htmlspecialchars($slug) . ' » mise à jour.');
|
|
} catch (Exception $e) {
|
|
error_log('page save error: ' . $e->getMessage());
|
|
App::flash('error', 'Erreur lors de la sauvegarde : ' . htmlspecialchars($e->getMessage()));
|
|
}
|
|
|
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
|
header('Location: /admin/contenus.php');
|
|
exit;
|