Hermes
9a14803d26
fix(ui): 10 regression fixes from new design pass
...
- Nav: always visible glass background (no more transparent-on-top)
- Logo: remove text span, kill link underline completely
- Masonry: fix HTML class drift (gallery-grid -> masonry-grid)
- Gallery captions: rename to grid-item-label (hover-only)
- Honeypot: rename to hp-field (was rendered visible!)
- Hero: stronger gradient + text-shadow on h1/tag/meta
- LAGE features: cards with pin icon, no more bulleted list
- Map: full-viewport-width break-out from .lage-section
- Contact form: border-radius, focus glow, custom select arrow,
working .form-submit button style
- Light text: unified --text-muted-on-dark token (replaces 4 magic
white-XX% variants + --stone on .fact-label)
- A11y test: update honeypot class assertion
2026-06-04 18:03:50 +00:00
Hermes
7dd8023222
-m
2026-06-04 17:23:49 +00:00
Hermes
c737312ada
fix(css): mobile nav overflow, hero-bg as <img>, map wrapper class
...
- mobile (≤900px): hide .nav-cta (was overflowing viewport by 65px)
- .nav-hamburger span: center inside button via left:50%; top:50%
- .nav-hamburger.active states: add translate(-50%,-50%) so the X
lines stay centered after rotation
- .hero-bg: switch from background-* to object-fit/object-position
(was an <img> but CSS targeted background-image → 1024px wide
hero-bg broke mobile layout)
- responsive: also override nav.scrolled padding on mobile
(specificity 0,1,1 > 0,0,1 → 3rem padding stayed in effect,
pushing the hamburger off-screen with width:0 on scroll)
- home/index.php: rename lage-map → lage-map-wrapper so the
existing .lage-map-wrapper CSS (border, margin-top: 3rem,
overflow: hidden, full-width 450px iframe) actually applies
2026-06-04 16:39:05 +00:00
Hermes
4bc035b783
fix(i18n): map gallery + hero + floorplan images to real filenames; force-DE on legal pages
...
- home: map 9/12 gallery items to real filenames (Wohnzimmer-1 -> wohnzimmer2.png,
Badezimmer-1 -> Bad.jpg, etc.); remove 3 items whose source images are missing
- home: hero-bg.jpg -> Außenansicht-2.webp (file exists)
- home: floorplan image -> /bilder/grundrisse/<name>.png (subdir + correct name)
- layout: og:image fallback Aussenansicht-2.webp (ASCII) -> Außenansicht-2.png (UTF-8)
- layout: hero-bg.jpg fallback -> Außenansicht-2.png (UTF-8)
- Controller::render(): add $forceLocale param for legal pages
- ImpressumController / DatenschutzController: force 'de' (TMG §5 / GDPR)
so <html lang=de> is emitted regardless of cookie
2026-06-04 16:13:54 +00:00
Hermes
c5a608d77a
chore: remove dead lowercase app/controllers/ (PSR-4 autoload uses App\\Controllers\\)
Deploy Feature Branch to Test / PHP Syntax Check (push) Successful in 58s
Lint / PHP Syntax Check (push) Successful in 1m0s
Deploy Feature Branch to Test / HTML Lint (htmlhint) (push) Successful in 1m41s
Deploy Feature Branch to Test / CSS Lint (stylelint) (push) Failing after 1m45s
Deploy Feature Branch to Test / Deploy to Test Environment (push) Has been skipped
Lint / HTML Lint (htmlhint) (push) Successful in 1m20s
Lint / PHP Syntax Check (pull_request) Successful in 35s
Lint / CSS Lint (stylelint) (push) Failing after 1m25s
PHPUnit / PHP Unit Tests (push) Failing after 42s
PHPUnit / PHP Unit Tests (pull_request) Failing after 54s
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m29s
Lint / CSS Lint (stylelint) (pull_request) Failing after 1m33s
2026-06-04 11:15:24 +00:00
Hermes
13a25aded2
feat(i18n): accessibility - per-field form errors, landmark aria-labels, tests ( closes #76 )
2026-06-04 11:04:06 +00:00
Hermes
0186de90ec
feat(i18n): responsive locale-switcher with SVG flags ( closes #75 )
2026-06-04 09:44:40 +00:00
Hermes
4b1c779846
feat(i18n): translation files DE/EN/UK/RU + layout integration ( closes #74 )
2026-06-04 09:31:34 +00:00
Hermes
ce21242308
feat(i18n): LocaleController switcher with open-redirect protection ( closes #73 )
...
- App\Controllers\LocaleController: GET /locale?set=xx&return=/path
- Sets 1-year cookie (HttpOnly=false for SSR, SameSite=Lax, Secure on HTTPS)
- 302 redirect to explicit return URL > Referer > /
- Pure buildResponse() helper for unit tests (no headers/exit)
- current() helper: resolves locale from $_GET/$_COOKIE/Accept-Language
- safeRedirect: rejects absolute URLs, protocol-relative (//evil.com),
backslash tricks (\\evil.com), javascript:/data: schemes
- 28 PHPUnit tests (LocaleControllerTest), all green
- Total project tests now: 92
2026-06-04 08:57:33 +00:00
Hermes
63c8c759d2
feat(i18n): core Locale resolver + I18n t()-helper with tests ( closes #72 )
...
- App\Core\Locale: query-param > cookie > Accept-Language > 'de' fallback
- BCP-47 region stripping (en-US -> en, uk-UA -> uk)
- q-value sorting with stable order
- og:locale mapping (de_DE, en_GB, uk_UA, ru_RU)
- hreflang alternates helper
- App\Core\I18n: t() with {placeholder} interpolation, lookup chain
current-locale -> de -> key, in-memory cache
- ADR-002: documents the architecture decision
- 46 PHPUnit tests (LocaleTest, I18nTest), all green
2026-06-04 08:53:58 +00:00
45368bb607
fix: replace jQuery with vanilla JS scrollIntoView
Lint / PHP Syntax Check (push) Has been cancelled
Lint / CSS Lint (stylelint) (push) Has been cancelled
Lint / HTML Lint (htmlhint) (push) Has been cancelled
2026-06-02 23:50:56 +02:00
1a72210608
Merge pull request 'feat: PHPUnit Test-Infrastruktur und Router-Tests' ( #64 ) from feature/phpunit-tests into main
Lint / PHP Syntax Check (push) Successful in 33s
Lint / CSS Lint (stylelint) (push) Successful in 1m12s
Lint / HTML Lint (htmlhint) (push) Successful in 1m9s
2026-05-22 21:33:32 +02:00
greggy
57b97b5069
feat: add PHPUnit test infrastructure and Router tests
...
Deploy Feature Branch to Test / deploy (push) Successful in 28s
Lint / PHP Syntax Check (push) Successful in 36s
Lint / CSS Lint (stylelint) (push) Successful in 1m18s
Lint / HTML Lint (htmlhint) (push) Successful in 1m11s
Lint / PHP Syntax Check (pull_request) Successful in 37s
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m20s
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m13s
- Add composer.json with PHPUnit 11 and PSR-4 autoloading
- Add phpunit.xml configuration
- Rename app/core/ → app/Core/ and app/controllers/ → app/Controllers/ (PSR-4)
- Add 18 unit tests for App\Core\Router (31 assertions)
- addRoute(): default action, custom action, overwrite
- dispatch(): URL normalization, direct match, legacy redirects
- dispatch(): 404 handling, controller/action not found exceptions
- TestableRouter subclass to intercept side-effects
- Update .gitignore (vendor/, .phpunit.cache/)
2026-05-22 19:02:02 +00:00
e896831b36
fix( #62 ): correct PLZ from 98533 to 98553 in lage section
...
Deploy Feature Branch to Test / deploy (push) Successful in 25s
Lint / PHP Syntax Check (push) Successful in 32s
Lint / CSS Lint (stylelint) (push) Successful in 1m17s
Lint / HTML Lint (htmlhint) (push) Successful in 1m7s
Lint / PHP Syntax Check (pull_request) Successful in 32s
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m14s
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m7s
The PLZ was incorrect in the Lage-Section view (98533 instead of 98553).
HomeController and meta description already used the correct 98553.
Closes #62
2026-05-22 14:23:07 +00:00
9b92136048
Merge pull request 'Fix #42 : CSRF-Schutz für Kontaktformular' ( #50 ) from feature/issue-42-csrf-protection into main
...
Lint / PHP Syntax Check (push) Successful in 32s
Lint / HTML Lint (htmlhint) (push) Has been cancelled
Lint / CSS Lint (stylelint) (push) Has been cancelled
Reviewed-on: #50
2026-05-22 08:33:41 +02:00
d44fb337e2
fix(security): replace REQUEST_URI with fixed path in redirects ( #43 )
...
Deploy Feature Branch to Test / deploy (push) Successful in 24s
Lint / PHP Syntax Check (push) Successful in 33s
Lint / CSS Lint (stylelint) (push) Successful in 1m14s
Lint / HTML Lint (htmlhint) (push) Successful in 1m8s
Lint / PHP Syntax Check (pull_request) Successful in 32s
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m12s
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m8s
- Replace all 3 occurrences of $_SERVER['REQUEST_URI'] with '/'
- Prevents potential open redirect via client-controlled REQUEST_URI
- Safe since contact form only exists on homepage
Fix #43
2026-05-21 23:06:19 +00:00
a919a392cc
fix(security): add CSRF protection to contact form ( #42 )
...
Deploy Feature Branch to Test / deploy (push) Successful in 25s
Lint / PHP Syntax Check (push) Successful in 32s
Lint / CSS Lint (stylelint) (push) Successful in 1m13s
Lint / HTML Lint (htmlhint) (push) Successful in 1m9s
Lint / PHP Syntax Check (pull_request) Successful in 32s
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m16s
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m7s
- Generate CSRF token (32 bytes) on GET requests
- Add hidden csrf_token field to contact form
- Validate token with hash_equals() (timing-safe) on POST
- Reject invalid/missing tokens with user-friendly error
Fix #42
2026-05-21 23:05:51 +00:00
1aedcaf314
refactor: Umstellung auf Mini-MVC-Architektur (Issue #46 )
...
Deploy Feature Branch to Test / deploy (push) Successful in 24s
- Front Controller Pattern mit public/index.php als Einstiegspunkt
- Eigenes Routing (App\Core\Router) ohne externes Framework
- Controller: HomeController, ImpressumController, DatenschutzController
- Views mit gemeinsamem Layout (app/views/layouts/main.php)
- PSR-4 Autoloading
- Statische Assets nach public/ verschoben
- Alte Dateien (index.php, impressum.html, datenschutz.html) geloescht
- 301-Redirects fuer alte URLs
- PHP 8.5 kompatibel
- Apache DocumentRoot auf public/ gesetzt
2026-05-19 14:38:38 +00:00
