PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7e987d281c6ccb254f82b40ad111d86122a02256
xamxam/app/public/admin/actions/formulaire.php
Pontoporeia d5fee1acfb fix: repair form submission with queued files + add comprehensive debug logging 
- Replace fetch(redirect:manual) with XMLHttpRequest in file-upload-queue.js.
  The previous fetch-based redirect detection was broken because opaque
  redirects hide the Location header. XHR's responseURL reliably exposes
  the final URL after server-side redirects.

- Add console.log tracing at every decision point in submit interception:
  entry, hasFiles check, enctype check, double-submit guard, XHR status,
  redirect detection, error fallback.

- Add error_log entry-point logging to all 16 admin action files plus
  the partage/index.php submission handler and password gate. Each logs:
  request method, content type/length, POST keys, file counts, and
  queue-specific file counts where applicable.

- Add double-submit guard (_xamxamActiveSubmit) to prevent duplicate
  XHR sends when the native submit handler fires after interception.
2026-05-19 00:08:05 +02:00

90 lines
3.6 KiB
PHP
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
// Bootstrap application
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
error_log('[formulaire.php] ENTRY | method=' . $_SERVER['REQUEST_METHOD'] . ' | content_type=' . ($_SERVER['CONTENT_TYPE'] ?? 'none') . ' | content_length=' . ($_SERVER['CONTENT_LENGTH'] ?? '0') . ' | post_keys=' . implode(',', array_keys($_POST)) . ' | files_count=' . count($_FILES) . ' | files_keys=' . implode(',', array_keys($_FILES)) . ' | queue_tfe=' . (isset($_FILES['queue_file']['name']['tfe']) ? count(array_filter($_FILES['queue_file']['name']['tfe'])) : 0));
// Only suppress display_errors in production (cli-server = dev mode).
if (php_sapi_name() !== 'cli-server') {
ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', APP_ROOT . '/../error.log');
}
AdminAuth::requireLogin();
// Verify CSRF token
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
error_log(sprintf(
'CSRF token validation failed in formulaire.php - POST token: %s, SESSION token: %s',
$_POST['csrf_token'] ?? '(missing)',
$_SESSION['csrf_token'] ?? '(missing)'
));
die('Erreur de sécurité : token invalide. Veuillez recharger le formulaire.');
}
error_log('[formulaire.php] full FILES array: ' . print_r($_FILES, true));
require_once APP_ROOT . '/src/Controllers/ThesisCreateController.php';
require_once APP_ROOT . '/src/AppLogger.php';
require_once APP_ROOT . '/src/AdminLogger.php';
require_once APP_ROOT . '/src/DuplicateThesisException.php';
require_once APP_ROOT . '/src/ErrorHandler.php';
$logger = new AppLogger();
$adminLogger = AdminLogger::make();
$authorName = $_POST['auteurice'] ?? 'unknown';
try {
$ctrl = ThesisCreateController::make();
$thesisId = $ctrl->submit($_POST, $_FILES, true);
$identifier = $ctrl->getIdentifier($thesisId);
$logger->logSubmission('admin', $thesisId, $identifier, $authorName);
$adminLogger->logAdd($thesisId, $identifier, $authorName);
unset($_SESSION['csrf_token']);
$redirect = '../recapitulatif.php?id=' . $thesisId;
header('Location: ' . $redirect);
exit();
} catch (DuplicateThesisException $e) {
$logger->logDuplicate('admin', $authorName, $e->existingThesisId, $e->existingIdentifier);
ErrorHandler::log('thesis_create_duplicate', $e, ['author' => $authorName]);
// Build a warning with a clickable link to the existing thesis.
$existingUrl = htmlspecialchars('/admin/edit.php?id=' . $e->existingThesisId);
$existingRef = htmlspecialchars($e->existingIdentifier . ' - ' . $e->existingTitle . ' (' . $e->existingYear . ')');
$warningHtml = 'Doublon détecté : un TFE très similaire existe déjà.'
. '<br><a href="' . $existingUrl . '">' . $existingRef . '</a>'
. '<br>Vérifiez avant de soumettre à nouveau.';
App::flash('warning', $warningHtml);
$_SESSION['form_data'] = $_POST;
header('Location: ../add.php');
exit();
} catch (Exception $e) {
$logger->logError('admin', $e->getMessage(), [
'author' => $authorName,
'post_keys' => array_keys($_POST),
]);
ErrorHandler::log('thesis_create', $e, ['author' => $authorName]);
App::flash('error', ErrorHandler::userMessage($e));
$_SESSION['form_data'] = $_POST;
$redirect = '../add.php';
$autofocusField = ThesisCreateController::autofocusFieldForError($e->getMessage());
if ($autofocusField !== null) {
App::flashAutofocus($autofocusField);
}
header('Location: ' . $redirect);
exit();
}
Reference in New Issue View Git Blame Copy Permalink