mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 11:09:18 +02:00
ca5983075d
- AdminLogger: JSON-lines → /var/log/xamxam.log (prod) / storage/logs/admin.log (dev) + best-effort DB mirror to admin_audit_log table - DB: admin_audit_log table, share_links.is_archived column - ShareLink: archive() replaces delete(), toggleActive() returns new state, listActive()/listArchived() split, validateLink blocks archived slugs - All action handlers wired: publish, unpublish, visibility, delete, csv/db export, tfe add/edit, tags, pages, apropos, form-help, access-request, maintenance, settings (formulaire toggles, objet types, smtp update), smtp-test - acces.php: archive button replaces delete; collapsible archived links section - setup-server.sh: provision /var/log/xamxam.log (www-data:xamxam 640)
57 lines
1.7 KiB
PHP
57 lines
1.7 KiB
PHP
<?php
|
|
// Bootstrap application
|
|
require_once __DIR__ . "/../../../bootstrap.php";
|
|
require_once __DIR__ . '/../../../src/AdminAuth.php';
|
|
|
|
// PHP-level auth guard (defence-in-depth behind nginx Basic Auth)
|
|
AdminAuth::requireLogin();
|
|
|
|
// Only handle POST requests
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
header('Location: ../index.php');
|
|
exit();
|
|
}
|
|
|
|
// Verify CSRF token
|
|
if (!isset($_POST['csrf_token']) || !isset($_SESSION['csrf_token']) ||
|
|
!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
|
|
error_log("CSRF token validation failed in edit action");
|
|
die("Erreur de sécurité : token invalide. Veuillez recharger le formulaire.");
|
|
}
|
|
|
|
$thesisId = isset($_POST['thesis_id']) ? intval($_POST['thesis_id']) : 0;
|
|
if ($thesisId <= 0) {
|
|
die("ID de TFE invalide.");
|
|
}
|
|
|
|
require_once APP_ROOT . '/src/Controllers/ThesisEditController.php';
|
|
require_once APP_ROOT . '/src/AdminLogger.php';
|
|
|
|
try {
|
|
$ctrl = ThesisEditController::create();
|
|
$ctrl->save($thesisId, $_POST, $_FILES);
|
|
|
|
// Regenerate CSRF token after successful save
|
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
|
|
|
AdminLogger::make()->logEdit($thesisId, $_POST['titre'] ?? $_POST['title'] ?? '');
|
|
|
|
App::flash('success', "TFE mis à jour avec succès!");
|
|
header('Location: ../edit.php?id=' . $thesisId);
|
|
exit();
|
|
|
|
} catch (Exception $e) {
|
|
error_log("Edit action error: " . $e->getMessage());
|
|
|
|
App::flash('error', $e->getMessage());
|
|
|
|
// WCAG 3.3.1 — map error message to field name for autofocus on re-render.
|
|
$autofocusField = ThesisEditController::autofocusFieldForError($e->getMessage());
|
|
if ($autofocusField !== null) {
|
|
App::flashAutofocus($autofocusField);
|
|
}
|
|
|
|
header('Location: ../edit.php?id=' . $thesisId);
|
|
exit();
|
|
}
|