greggy/landingpage-haus-schleusingen
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
84 Commits 9 Branches 0 Tags
3a30abc05ea688c827c02f0396368e57683a2898
Commit Graph

4 Commits

Author SHA1 Message Date
greggy
9b92136048 Merge pull request 'Fix #42: CSRF-Schutz für Kontaktformular' (#50) from feature/issue-42-csrf-protection into main
Some checks failed
Lint / PHP Syntax Check (push) Successful in 32s
Details
Lint / HTML Lint (htmlhint) (push) Has been cancelled
Details
Lint / CSS Lint (stylelint) (push) Has been cancelled
Details 
Reviewed-on: #50
 2026-05-22 08:33:41 +02:00
Claw (KI-Assistent)
d44fb337e2 fix(security): replace REQUEST_URI with fixed path in redirects (#43)
All checks were successful
Deploy Feature Branch to Test / deploy (push) Successful in 24s
Details
Lint / PHP Syntax Check (push) Successful in 33s
Details
Lint / CSS Lint (stylelint) (push) Successful in 1m14s
Details
Lint / HTML Lint (htmlhint) (push) Successful in 1m8s
Details
Lint / PHP Syntax Check (pull_request) Successful in 32s
Details
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m12s
Details
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m8s
Details 
- Replace all 3 occurrences of $_SERVER['REQUEST_URI'] with '/'
- Prevents potential open redirect via client-controlled REQUEST_URI
- Safe since contact form only exists on homepage

Fix #43
 2026-05-21 23:06:19 +00:00
Claw (KI-Assistent)
a919a392cc fix(security): add CSRF protection to contact form (#42)
All checks were successful
Deploy Feature Branch to Test / deploy (push) Successful in 25s
Details
Lint / PHP Syntax Check (push) Successful in 32s
Details
Lint / CSS Lint (stylelint) (push) Successful in 1m13s
Details
Lint / HTML Lint (htmlhint) (push) Successful in 1m9s
Details
Lint / PHP Syntax Check (pull_request) Successful in 32s
Details
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m16s
Details
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m7s
Details 
- Generate CSRF token (32 bytes) on GET requests
- Add hidden csrf_token field to contact form
- Validate token with hash_equals() (timing-safe) on POST
- Reject invalid/missing tokens with user-friendly error

Fix #42
 2026-05-21 23:05:51 +00:00
Claw
1aedcaf314 refactor: Umstellung auf Mini-MVC-Architektur (Issue #46)
All checks were successful
Deploy Feature Branch to Test / deploy (push) Successful in 24s
Details 
- Front Controller Pattern mit public/index.php als Einstiegspunkt
- Eigenes Routing (App\Core\Router) ohne externes Framework
- Controller: HomeController, ImpressumController, DatenschutzController
- Views mit gemeinsamem Layout (app/views/layouts/main.php)
- PSR-4 Autoloading
- Statische Assets nach public/ verschoben
- Alte Dateien (index.php, impressum.html, datenschutz.html) geloescht
- 301-Redirects fuer alte URLs
- PHP 8.5 kompatibel
- Apache DocumentRoot auf public/ gesetzt
 2026-05-19 14:38:38 +00:00