feat #58 : wizard multi-étapes création/édition article #59

Merged
cedricAbonnel merged 5 commits from feat/wizard-multi-step into main 2026-05-14 19:50:33 +00:00
6 changed files with 30 additions and 6 deletions
+4
@@ -3,6 +3,10 @@ DirectoryIndex index.php
RewriteEngine On
# Paramètres DokuWiki (?do=media, ?do=export_pdf, etc.) — 410 Gone, jamais de contenu ici
RewriteCond %{QUERY_STRING} (^|&)do= [NC]
RewriteRule ^ - [R=410,L]
# Fichiers et répertoires réels servis directement
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
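Review bot: The new `RewriteCond %{QUERY_STRING} (^|&)do=` / `RewriteRule ^ - [R=410,L]` pair sits before the `-f`/`-d` pass-through conditions, so an existing static file requested with a `?do=` query string is answered 410 rather than served. If that is the intent, it should be stated next to the rule, e.g. `# Also applies to real files: any request carrying do= gets 410 before the -f/-d pass-through`; if not, the rule should move below the pass-through block. The `[NC]` flag also makes the match case-insensitive (`DO=`), which is worth mentioning in the same comment since the existing one only lists lowercase examples.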
+10 -5
@@ -4,11 +4,16 @@ declare(strict_types=1);
define('BASE_PATH', realpath(__DIR__ . '/../'));
if (session_status() === PHP_SESSION_NONE) {
$_sessionName = getenv('SESSION_NAME') ?: 'PHPSESSID';
if (session_status() === PHP_SESSION_NONE
&& (isset($_COOKIE[$_sessionName]) || $_SERVER['REQUEST_METHOD'] === 'POST')
) {
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
session_name($_sessionName);
session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => $isHttps, 'httponly' => true, 'samesite' => 'Lax']);
session_start();
}
unset($_sessionName);
require_once BASE_PATH . '/src/helpers.php';
require_once BASE_PATH . '/src/auth.php';
@@ -1888,10 +1893,10 @@ switch ($action) {
exit;
}
// CSRF
$csrfOk = isset($_POST['_token'], $_SESSION['comment_csrf'])
&& hash_equals($_SESSION['comment_csrf'], $_POST['_token']);
unset($_SESSION['comment_csrf']);
// CSRF (double-submit cookie — pas de session requise pour les visiteurs)
$csrfOk = isset($_POST['_token'], $_COOKIE['_csrf_c'])
&& hash_equals($_COOKIE['_csrf_c'], $_POST['_token']);
setcookie('_csrf_c', '', ['expires' => time() - 3600, 'path' => '/', 'samesite' => 'Strict', 'httponly' => true]);
if (!$csrfOk) {
header('Location: /');
exit;
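Review bot: The new `hash_equals($_COOKIE['_csrf_c'], $_POST['_token'])` throws a `TypeError` when either value is not a string (PHP turns bracketed parameter or cookie names into arrays), so a malformed request produces an uncaught error instead of reaching the `header('Location: /')` branch below. Tightening the check to `$csrfOk = isset($_POST['_token'], $_COOKIE['_csrf_c'])` / `&& is_string($_POST['_token']) && is_string($_COOKIE['_csrf_c'])` / `&& hash_equals($_COOKIE['_csrf_c'], $_POST['_token']);` keeps the failure path on the redirect. The clearing `setcookie('_csrf_c', '', [...])` on the next line omits `secure`, whereas the issuing call elsewhere in this commit sets it on HTTPS; aligning the attributes avoids a mismatch between the two calls. The enclosing `switch ($action)` case begins outside the hunk, and the first hunk of this file checks `session_status() === PHP_SESSION_NONE` twice in a row, which reads as a leftover from the previous condition.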
+3
@@ -2,6 +2,9 @@
declare(strict_types=1);
if (!defined('BASE_PATH')) {
define('BASE_PATH', dirname(__DIR__, 2));
}
require_once dirname(__DIR__, 2) . '/vendor/autoload.php';
require_once dirname(__DIR__, 2) . '/config/config.php';
require_once dirname(__DIR__, 2) . '/bootstrap.php';
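Review bot: The added `if (!defined('BASE_PATH')) { define('BASE_PATH', dirname(__DIR__, 2)); }` guard runs before `bootstrap.php` is required, and the context line of bootstrap.php in this same commit still does `define('BASE_PATH', realpath(__DIR__ . '/../'));` unconditionally, so when one of these files is the entry point the second `define()` emits a "Constant BASE_PATH already defined" warning — unless `config.php`, which is not in view, already handles it. The two expressions can also yield different strings for the same constant (`dirname()` is not canonicalised, `realpath()` is), so whichever runs first wins silently. Guarding the define in bootstrap.php the same way, or having these files rely on bootstrap.php alone, would remove both issues. The same hunk appears in the two following file sections.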
+3
@@ -4,6 +4,9 @@
// version : 20251005
declare(strict_types=1);
if (!defined('BASE_PATH')) {
define('BASE_PATH', dirname(__DIR__, 2));
}
require_once dirname(__DIR__, 2) . '/vendor/autoload.php';
require_once dirname(__DIR__, 2) . '/config/config.php';
require_once dirname(__DIR__, 2) . '/bootstrap.php';
+3
@@ -2,6 +2,9 @@
declare(strict_types=1);
if (!defined('BASE_PATH')) {
define('BASE_PATH', dirname(__DIR__, 2));
}
require_once dirname(__DIR__, 2) . '/vendor/autoload.php';
require_once dirname(__DIR__, 2) . '/config/config.php';
require_once dirname(__DIR__, 2) . '/bootstrap.php';
+7 -1
@@ -15,7 +15,13 @@ $_reactionDefs = [
];
$_csrfToken = bin2hex(random_bytes(16));
$_SESSION['comment_csrf'] = $_csrfToken;
setcookie('_csrf_c', $_csrfToken, [
'expires' => 0,
'path' => '/',
'secure' => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
'httponly' => true,
'samesite' => 'Strict',
]);
?>
<?php if (!empty($alsoReadArticles ?? [])): ?>
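Review bot: The new `setcookie('_csrf_c', ...)` is issued from a view partial that ends with `?>` followed by markup, so unless output buffering is active for the whole render the headers are presumably already sent by the time this partial is included, the call fails with a "headers already sent" warning and the token never reaches the browser — verify against how templates are rendered, or move the cookie emission into the controller before any output. The `secure` expression on the `'secure' =>` line duplicates `$isHttps` from bootstrap.php; a shared helper would keep the two in sync. Because the cookie is host-only and unsigned, the double-submit check only holds while nothing attacker-influenced can set cookies for this host; on HTTPS-only deployments the `__Host-` prefix (requires `secure`, `path => '/'`, no `domain`) lets the browser enforce that, and a comment stating this assumption would help the next reader.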