mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-07 11:39:18 +02:00
36 lines
1.0 KiB
PHP
36 lines
1.0 KiB
PHP
<?php
|
|
require_once __DIR__ . "/../../../config/bootstrap.php";
|
|
require_once __DIR__ . '/../../../src/AdminAuth.php';
|
|
AdminAuth::requireLogin();
|
|
|
|
// CSRF check
|
|
if (!isset($_POST['csrf_token']) || !isset($_SESSION['csrf_token']) ||
|
|
!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
|
|
die("Erreur de sécurité : token invalide.");
|
|
}
|
|
|
|
$allowedSlugs = ['about', 'licenses', 'charte', 'contact'];
|
|
$slug = $_POST['slug'] ?? '';
|
|
if (!in_array($slug, $allowedSlugs)) {
|
|
die("Slug invalide.");
|
|
}
|
|
|
|
$content = $_POST['content'] ?? '';
|
|
if (strlen($content) > 65535) {
|
|
die("Contenu trop long (max 65 535 caractères).");
|
|
}
|
|
|
|
require_once __DIR__ . '/../../../src/Database.php';
|
|
|
|
try {
|
|
$db = new Database();
|
|
$db->savePage($slug, $content);
|
|
$_SESSION['success'] = "Page «" . $slug . "» mise à jour avec succès.";
|
|
} catch (Exception $e) {
|
|
error_log("Page save error: " . $e->getMessage());
|
|
die("Erreur lors de la sauvegarde : " . htmlspecialchars($e->getMessage()));
|
|
}
|
|
|
|
header('Location: /admin/pages.php');
|
|
exit;
|