|
The 6 back-office .html pages (dashboard, users, catalogue, commandes, cuisine, login) were static mockups from the May demo, left in the docroot of the admin vhost. Apache served them as-is (RewriteCond !-f -> no rewrite to index.php), and therefore OUTSIDE SessionGuard: information disclosure (back-office structure, labels, users page) accessible without authentication, in contradiction with the security-by-design posture. They are superseded by the guarded, server-rendered PHP pages (P3: /admin/dashboard, /admin/categories, /admin/products, /admin/profile/pin). The mockups linked only to one another (dead island): no inbound links from the PHP/JS/CSS side. The example line in docs/api/conventions.md that cited login.html is corrected (assets/ served as-is). |
||
|---|---|---|
| _ref | ||
| api | ||
| architecture | ||
| design | ||
| journal | ||
| merise | ||
| uml | ||
| PROJECT_CONTEXT.md | ||