Added migration file

public/index.php

@@ -12,6 +12,8 @@ use Medoo\Medoo;
 use App\Controllers\PostController;
 use App\Repositories\PostRepository;
 use App\Services\HtmlSanitizer;
+use App\Services\HtmlPurifierFactory;
+use App\Database\Migration;
 use App\Routes;
 use App\Config;
 
@@ -46,20 +48,15 @@ $db = new Medoo([
     'database' => $dbFile,
 ]);
 
-// Créer la table si elle n'existe pas
+// Exécuter les migrations
-$db->pdo->exec("
+Migration::run($db);
-    CREATE TABLE IF NOT EXISTS post (
-        id INTEGER PRIMARY KEY AUTOINCREMENT,
-        title TEXT NOT NULL,
-        content TEXT NOT NULL,
-        slug TEXT UNIQUE NOT NULL DEFAULT '',
-        created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
-        updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
-    )
-");
 
-// HtmlSanitizer
+// HtmlPurifier (créé via la factory)
-$htmlSanitizer = new HtmlSanitizer();
+$htmlPurifierCacheDir = __DIR__ . '/../var/cache/htmlpurifier';
+$htmlPurifier = HtmlPurifierFactory::create($htmlPurifierCacheDir);
+
+// HtmlSanitizer (reçoit HTMLPurifier injecté)
+$htmlSanitizer = new HtmlSanitizer($htmlPurifier);
 
 // PostRepository
 $postRepository = new PostRepository($db);

src/Database/Migration.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Database;
+
+use Medoo\Medoo;
+
+final class Migration
+{
+    public static function run(Medoo $db): void
+    {
+        $db->pdo->exec("
+            CREATE TABLE IF NOT EXISTS post (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                title TEXT NOT NULL,
+                content TEXT NOT NULL,
+                slug TEXT UNIQUE NOT NULL DEFAULT '',
+                created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+                updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
+            )
+        ");
+    }
+}

src/Services/HtmlPurifierFactory.php

@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Services;
+
+use HTMLPurifier;
+use HTMLPurifier_Config;
+
+/**
+ * Factory pour créer et configurer une instance HTMLPurifier.
+ * Centralise toute la logique de configuration.
+ */
+final class HtmlPurifierFactory
+{
+    /**
+     * Crée une instance HTMLPurifier préconfigurée.
+     *
+     * @param string $cacheDir Répertoire de cache pour HTMLPurifier
+     * @return HTMLPurifier
+     */
+    public static function create(string $cacheDir): HTMLPurifier
+    {
+        // Créer le répertoire de cache s'il n'existe pas
+        if (!is_dir($cacheDir)) {
+            @mkdir($cacheDir, 0755, true);
+        }
+
+        // Créer et configurer HTMLPurifier
+        $config = HTMLPurifier_Config::createDefault();
+
+        // Balises HTML autorisées
+        $config->set('HTML.Allowed', 'p,br,strong,em,u,h1,h2,h3,h4,h5,h6,ul,ol,li,blockquote,a[href],img[src|alt|width|height]');
+
+        // Attributs autorisés
+        $config->set('HTML.AllowedAttributes', 'href,src,alt,width,height,title');
+
+        // Configuration du cache
+        $config->set('Cache.DefinitionImpl', 'Serializer');
+        $config->set('Cache.SerializerPath', $cacheDir);
+
+        return new HTMLPurifier($config);
+    }
+}

src/Services/HtmlSanitizer.php

@@ -5,30 +5,14 @@ declare(strict_types=1);
 namespace App\Services;
 
 use HTMLPurifier;
-use HTMLPurifier_Config;
 
 final class HtmlSanitizer
 {
-    private HTMLPurifier $purifier;
+    /**
-
+     * @param HTMLPurifier $purifier Instance préconfigurée d'HTMLPurifier
-    public function __construct()
+     */
+    public function __construct(private HTMLPurifier $purifier)
     {
-        // Créer le répertoire de cache s'il n'existe pas
-        $cacheDir = __DIR__ . '/../../var/cache/htmlpurifier';
-        if (!is_dir($cacheDir)) {
-            @mkdir($cacheDir, 0755, true);
-        }
-
-        $config = HTMLPurifier_Config::createDefault();
-        // Autoriser les balises courantes de formatage
-        $config->set('HTML.Allowed', 'p,br,strong,em,u,h1,h2,h3,h4,h5,h6,ul,ol,li,blockquote,a[href],img[src|alt|width|height]');
-        // Désactiver les attributs dangereux
-        $config->set('HTML.AllowedAttributes', 'href,src,alt,width,height,title');
-        // Activer le cache
-        $config->set('Cache.DefinitionImpl', 'Serializer');
-        $config->set('Cache.SerializerPath', $cacheDir);
-
-        $this->purifier = new HTMLPurifier($config);
     }
 
     public function sanitize(string $html): string

views/pages/post_detail.twig

@@ -18,6 +18,7 @@
     {% endif %}
 
     <div class="post-content">
+        {# Le contenu est déjà sanitisé par HtmlSanitizer #}
         {{ post.content }}
     </div>