PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-07 03:29:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
da53bf5d7a99e9cb73649454443ac4002e57c3b4
xamxam/app/public/admin/actions/page.php

40 lines
1.2 KiB
PHP
Raw Blame History

<?php
/**
* Save handler for static page content (Markdown).
*/
require_once __DIR__ . '/../../../bootstrap.php';
require_once __DIR__ . '/../../../src/AdminAuth.php';
AdminAuth::requireLogin();
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
App::flash('error', 'Erreur de sécurité : token invalide.');
header('Location: /admin/contenus.php');
exit;
}
$allowedSlugs = ['about', 'licenses', 'charte'];
$slug = $_POST['slug'] ?? '';
$content = $_POST['content'] ?? '';
if (!in_array($slug, $allowedSlugs, true)) {
App::flash('error', 'Slug de page invalide.');
header('Location: /admin/contenus.php');
exit;
}
require_once APP_ROOT . '/src/Database.php';
$db = new Database();
try {
$db->savePage($slug, $content);
App::flash('success', 'Page « ' . htmlspecialchars($slug) . ' » mise à jour.');
} catch (Exception $e) {
error_log('page save error: ' . $e->getMessage());
App::flash('error', 'Erreur lors de la sauvegarde : ' . htmlspecialchars($e->getMessage()));
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
header('Location: /admin/contenus.php');
exit;
Reference in New Issue View Git Blame Copy Permalink