corentin_wakdo/docs/api
Imugiii 92731c8b59
fix(admin): remove stale unauthenticated static admin mockups
The 6 back-office .html pages (dashboard, users, catalogue, commandes,
cuisine, login) were static mockups from the May demo, left in the
docroot of the admin vhost. Apache served them as-is
(RewriteCond !-f -> no rewrite to index.php), so OUTSIDE SessionGuard:
information disclosure (back-office structure, labels, users page)
accessible without authentication, contradicting the
security-by-design posture.

They are superseded by the server-rendered, guarded PHP pages (P3:
/admin/dashboard, /admin/categories, /admin/products, /admin/profile/pin).
The mockups linked only to each other (dead island): no inbound links
from PHP/JS/CSS. The example line in docs/api/conventions.md that cited
login.html is corrected (assets/ served as-is).
2026-06-16 10:08:41 +00:00
..
conventions.md fix(admin): remove stale unauthenticated static admin mockups 2026-06-16 10:08:41 +00:00