julien/blog-slim.old
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Various corrections

Browse Source
This commit is contained in:
julien
2026-03-09 15:48:45 +01:00
parent 5b37d2bcd8
commit edb1752f32
6 changed files with 72 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/Controllers/PostController.php
View File

@@ -15,8 +15,11 @@ use App\Models\Post;
*/
class PostController
{
public function __construct(private Twig $view, private Medoo $db)
{
public function __construct(
private Twig $view,
private Medoo $db,
private \App\Services\HtmlSanitizer $sanitizer
) {
}
/**
@@ -36,7 +39,6 @@ class PostController
public function show(Request $req, Response $res, array $args): Response
{
$slug = (string)($args['slug'] ?? '');
$row = $this->db->get('post', '*', ['slug' => $slug]);
if (!$row) {
@@ -45,6 +47,9 @@ class PostController
}
$post = Post::fromArray($row);
// Nettoyer le contenu avant de l'envoyer au template
$post = $post->withSanitizedContent($this->sanitizer->sanitize($post->getContent()));
return $this->view->render($res, 'pages/post_detail.twig', ['post' => $post]);
}
@@ -109,12 +114,19 @@ class PostController
return $res->withHeader('Location', '/admin')->withStatus(302);
}
private function ensureUniqueSlug(string $slug): string
private function ensureUniqueSlug(string $slug, ?int $excludeId = null): string
{
$original = $slug;
$counter = 1;
while ($this->db->get('post', 'id', ['slug' => $slug])) {
while (true) {
$existing = $this->db->get('post', 'id', ['slug' => $slug]);
// Si pas de collision, ou si c'est le même post, le slug est unique
if (!$existing || ($excludeId && $existing === $excludeId)) {
break;
}
$slug = $original . '-' . $counter;
$counter++;
}
@@ -147,10 +159,15 @@ class PostController
return $res->withHeader('Location', '/admin')->withStatus(302);
}
// Calculer le nouveau slug
$newSlug = $post->getSlug();
$newSlug = $this->ensureUniqueSlug($newSlug, $id); // Passer l'ID pour exclure le post actuel
// Persister en DB
$this->db->update('post', [
'title' => $post->getTitle(),
'content' => $post->getContent(),
'slug' => $newSlug,
'updated_at' => date('Y-m-d H:i:s'),
], ['id' => $id]);

12
src/Models/Post.php
View File

@@ -118,11 +118,15 @@ final class Post
public function getExcerpt(int $length = 150): string
{
$text = strip_tags($this->content);
return mb_strlen($text) > $length
$excerpt = mb_strlen($text) > $length
? mb_substr($text, 0, $length) . '...'
: $text;
// Échapper les caractères HTML restants
return htmlspecialchars($excerpt, ENT_QUOTES, 'UTF-8');
}
/**
* Retourne un slug (URL-friendly) du titre.
*
@@ -147,4 +151,10 @@ final class Post
'content' => $this->content,
];
}
public function withSanitizedContent(string $content): self
{
return new self($this->id, $this->title, $content, $this->createdAt, $this->updatedAt);
}
}

32
src/Services/HtmlSanitizer.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
declare(strict_types=1);
namespace App\Services;
use HTMLPurifier;
use HTMLPurifier_Config;
final class HtmlSanitizer
{
private HTMLPurifier $purifier;
public function __construct()
{
$config = HTMLPurifier_Config::createDefault();
// Autoriser les balises courantes de formatage
$config->set('HTML.Allowed', 'p,br,strong,em,u,h1,h2,h3,h4,h5,h6,ul,ol,li,blockquote,a[href],img[src|alt|width|height]');
// Désactiver les attributs dangereux
$config->set('HTML.AllowedAttributes', 'href,src,alt,width,height,title');
// Activer le cache
$config->set('Cache.DefinitionImpl', 'Serializer');
$config->set('Cache.SerializerPath', __DIR__ . '/../../var/cache/htmlpurifier');
$this->purifier = new HTMLPurifier($config);
}
public function sanitize(string $html): string
{
return $this->purifier->purify($html);
}
}