mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 16:19:19 +02:00
38ef550397
Replace text labels (h1, bold, italic) with rendered HTML in the Rendu column: headings, strong, em, del, code, links, blockquote, lists, hr, sup, small
77 lines
2.6 KiB
PHP
77 lines
2.6 KiB
PHP
<?php
|
|
/**
|
|
* Save handler for form help blocks (student-facing explanatory text shown
|
|
* in the /partage share-link submission form).
|
|
* Supports both regular form POST and AJAX auto-save requests.
|
|
*/
|
|
require_once __DIR__ . '/../../../bootstrap.php';
|
|
require_once __DIR__ . '/../../../src/AdminAuth.php';
|
|
error_log('[form-help.php] ENTRY | method=' . $_SERVER['REQUEST_METHOD'] . ' | key=' . ($_POST['form_help_key'] ?? 'none') . ' | post_keys=' . implode(',', array_keys($_POST)));
|
|
AdminAuth::requireLogin();
|
|
|
|
$isAjax = (!empty($_SERVER['HTTP_ACCEPT']) && str_contains($_SERVER['HTTP_ACCEPT'], 'application/json'))
|
|
|| !empty($_SERVER['HTTP_HX_REQUEST']);
|
|
|
|
if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
|
|
|| !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
|
|
if ($isAjax) {
|
|
http_response_code(403);
|
|
header('Content-Type: application/json');
|
|
echo json_encode(['error' => 'Erreur de sécurité : token invalide.']);
|
|
exit;
|
|
}
|
|
App::flash('error', 'Erreur de sécurité : token invalide.');
|
|
header('Location: /admin/contenus.php');
|
|
exit;
|
|
}
|
|
|
|
$key = $_POST['form_help_key'] ?? '';
|
|
$content = $_POST['content'] ?? '';
|
|
|
|
require_once APP_ROOT . '/src/Database.php';
|
|
require_once APP_ROOT . '/src/AdminLogger.php';
|
|
require_once APP_ROOT . '/src/ErrorHandler.php';
|
|
$db = new Database();
|
|
|
|
if (!in_array($key, Database::FORM_HELP_KEYS, true)) {
|
|
if ($isAjax) {
|
|
http_response_code(400);
|
|
header('Content-Type: application/json');
|
|
echo json_encode(['error' => 'Clé de bloc invalide.']);
|
|
exit;
|
|
}
|
|
App::flash('error', 'Clé de bloc invalide.');
|
|
header('Location: /admin/contenus.php');
|
|
exit;
|
|
}
|
|
|
|
try {
|
|
$db->setFormHelpBlock($key, $content);
|
|
AdminLogger::make()->logFormStructureEdit($key);
|
|
|
|
if ($isAjax) {
|
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
|
header('Content-Type: application/json');
|
|
echo json_encode([
|
|
'success' => true,
|
|
'csrf_token' => $_SESSION['csrf_token'],
|
|
]);
|
|
exit;
|
|
}
|
|
App::flash('success', 'Bloc « ' . htmlspecialchars($key) . ' » mis à jour.');
|
|
} catch (Exception $e) {
|
|
ErrorHandler::log('form_help', $e);
|
|
$msg = 'Erreur lors de la sauvegarde : ' . ErrorHandler::userMessage($e);
|
|
if ($isAjax) {
|
|
http_response_code(500);
|
|
header('Content-Type: application/json');
|
|
echo json_encode(['error' => $msg]);
|
|
exit;
|
|
}
|
|
App::flash('error', $msg);
|
|
}
|
|
|
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
|
header('Location: /admin/contenus.php#form-help-blocks');
|
|
exit;
|