PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 08:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d588ae004d459fc73a308ace36ca1aae9d5c002c
xamxam/app/public/admin/actions/form-help.php
Pontoporeia d588ae004d Reintroduce TFE duration metadata: DB columns, form fields, controllers, views, and migration 
Add 'unsafe-eval' to CSP script-src directives (htmx requires Function())
2026-06-15 15:56:52 +02:00

76 lines
2.4 KiB
PHP
Raw Blame History

<?php
/**
* Save handler for form help blocks (student-facing explanatory text shown
* in the /partage share-link submission form).
* Supports both regular form POST and AJAX auto-save requests.
*/
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
AdminAuth::requireLogin();
$isAjax = (!empty($_SERVER['HTTP_ACCEPT']) && str_contains($_SERVER['HTTP_ACCEPT'], 'application/json'))
|| !empty($_SERVER['HTTP_HX_REQUEST']);
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
if ($isAjax) {
http_response_code(403);
header('Content-Type: application/json');
echo json_encode(['error' => 'Erreur de sécurité : token invalide.']);
exit;
}
App::flash('error', 'Erreur de sécurité : token invalide.');
header('Location: /admin/contenus.php');
exit;
}
$key = $_POST['form_help_key'] ?? '';
$content = $_POST['content'] ?? '';
require_once APP_ROOT . '/src/Database.php';
require_once APP_ROOT . '/src/AdminLogger.php';
require_once APP_ROOT . '/src/ErrorHandler.php';
$db = new Database();
if (!in_array($key, Database::FORM_HELP_KEYS, true)) {
if ($isAjax) {
http_response_code(400);
header('Content-Type: application/json');
echo json_encode(['error' => 'Clé de bloc invalide.']);
exit;
}
App::flash('error', 'Clé de bloc invalide.');
header('Location: /admin/contenus.php');
exit;
}
try {
$db->setFormHelpBlock($key, $content);
AdminLogger::make()->logFormStructureEdit($key);
if ($isAjax) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
header('Content-Type: application/json');
echo json_encode([
'success' => true,
'csrf_token' => $_SESSION['csrf_token'],
]);
exit;
}
App::flash('success', 'Bloc « ' . htmlspecialchars($key) . ' » mis à jour.');
} catch (Exception $e) {
ErrorHandler::log('form_help', $e);
$msg = 'Erreur lors de la sauvegarde : ' . ErrorHandler::userMessage($e);
if ($isAjax) {
http_response_code(500);
header('Content-Type: application/json');
echo json_encode(['error' => $msg]);
exit;
}
App::flash('error', $msg);
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
header('Location: /admin/contenus.php#form-help-blocks');
exit;
Reference in New Issue View Git Blame Copy Permalink