PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
be50ac5eb09d81caed39734e9ca6bac696dac848
xamxam/app/public/admin/acces.php
Pontoporeia 38dc8de9d8 feat: obfuscate all email addresses and mailto links as HTML entities 
Added EmailObfuscator class (src/EmailObfuscator.php) that converts
email addresses to HTML decimal entities (e.g. foo@...)
so browsers render them correctly but bots and scrapers see gibberish.

Methods:
- email($addr): obfuscate for display in HTML content
- mailto($addr): return obfuscated mailto: href
- obfuscateHtml($html): post-process rendered HTML to obfuscate all
  mailto: links (used after Parsedown/Markdown rendering)

Applied to:
- partage/index.php: mailto link at top + error scenarios via _flash_contact
  flag rendered in form.php (outside htmlspecialchars to avoid double-escape)
- admin/acces.php: request email mailto links
- admin/file-access.php: request email mailto links
- public/about.php: contact email mailto links
- public/tfe.php: author contact mailto links
- AboutController: Parsedown output post-processing
- LicenceController: Parsedown output post-processing
- Dispatcher::render(): require_once EmailObfuscator for all public views

Also fixed _flash_contact session flag in form.php partial to show
contact email line on share link validation errors (separate from
flash_error/warning to bypass htmlspecialchars double-escaping).
2026-05-19 00:08:05 +02:00

34 lines
1.6 KiB
PHP
Raw Blame History

<?php
require_once __DIR__ . '/../../bootstrap.php';
require_once __DIR__ . '/../../src/AdminAuth.php';
require_once __DIR__ . '/../../src/ShareLink.php';
require_once APP_ROOT . '/src/EmailObfuscator.php';
App::adminGuard();
// ── Liens d'accès étudiant·e ──────────────────────────────────────────────────
$shareLink = ShareLink::make();
$links = $shareLink->listActive();
$archivedLinks = $shareLink->listArchived();
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$baseUrl = $protocol . '://' . ($_SERVER['HTTP_HOST'] ?? 'localhost');
// ── Demandes d'accès aux fichiers ─────────────────────────────────────────────
require_once APP_ROOT . '/src/Controllers/FileAccessController.php';
$controller = FileAccessController::create();
$vars = $controller->handle();
extract($vars);
// ── Page setup ────────────────────────────────────────────────────────────────
$pageTitle = 'Accès';
$isAdmin = true;
$bodyClass = 'admin-body';
require_once APP_ROOT . '/templates/head.php';
echo '<link rel="stylesheet" href="/assets/css/file-access.css">';
include APP_ROOT . '/templates/header.php';
include APP_ROOT . '/templates/admin/acces.php';
require_once APP_ROOT . '/templates/admin/footer.php';
Reference in New Issue View Git Blame Copy Permalink