All admin action files (account, tag, page, edit, visibility, maintenance,
publish, formulaire) now call App::flash('error'|'success', ...) instead of
writing to raw per-page session keys ($_SESSION['error'], 'admin_error',
'edit_error', 'admin_success', 'edit_success', 'form_error').
All admin display pages (add, edit, account, tags, pages, index) now include
templates/partials/flash-messages.php instead of manually reading and
unsetting the legacy session keys and inlining their own alert HTML.
App::consumeFlash() already drained all legacy key variants as a safety net,
so the partial works correctly whether called from pages that were already
migrated or any remaining stragglers. No behaviour change for end users.
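<?php

declare(strict_types=1);

/**
 * Admin action: persist the content of one static page.
 *
 * Expects a POST request carrying:
 *   - csrf_token : must match $_SESSION['csrf_token'] (compared with hash_equals)
 *   - slug       : one of the values listed in $allowedSlugs
 *   - content    : the page body, at most 65535 bytes
 *
 * Any validation failure stops the script with a short plain-text message.
 * On success a flash message is queued via App::flash() and the browser is
 * redirected to /admin/pages.php.
 */

require_once __DIR__ . "/../../../config/bootstrap.php";
require_once __DIR__ . '/../../../src/AdminAuth.php';

AdminAuth::requireLogin();

// CSRF check. Both tokens must be plain strings before hash_equals() sees them:
// a non-string POST value (e.g. csrf_token[]=x) would otherwise raise a
// TypeError instead of being rejected like any other bad token.
$sessionToken = $_SESSION['csrf_token'] ?? null;
$postedToken = $_POST['csrf_token'] ?? null;
if (!is_string($sessionToken) || !is_string($postedToken)
    || !hash_equals($sessionToken, $postedToken)) {
    die("Erreur de sécurité : token invalide.");
}

// Only these fixed slugs may be written. Strict comparison: the slug is
// accepted only as an exact string match against the allow-list.
$allowedSlugs = ['about', 'licenses', 'charte', 'contact'];
$slug = $_POST['slug'] ?? '';
if (!is_string($slug) || !in_array($slug, $allowedSlugs, true)) {
    die("Slug invalide.");
}

// The body must be a string; strlen() on an array would throw a TypeError.
$content = $_POST['content'] ?? '';
if (!is_string($content)) {
    die("Contenu invalide.");
}

// Byte length (strlen), not character count — presumably sized to the storage
// column behind Database::savePage(); confirm there. The user-facing message
// speaks of characters, so multi-byte text hits the limit earlier than it says.
if (strlen($content) > 65535) {
    die("Contenu trop long (max 65 535 caractères).");
}

require_once __DIR__ . '/../../../src/Database.php';

try {
    $db = new Database();
    $db->savePage($slug, $content);
    App::flash('success', "Page «" . $slug . "» mise à jour avec succès.");
} catch (Exception $e) {
    // Full details go to the server log only; the response carries a generic
    // message so driver/SQL error text is not echoed back to the browser.
    error_log("Page save error: " . $e->getMessage());
    die("Erreur lors de la sauvegarde.");
}

header('Location: /admin/pages.php');
exit;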