Hermes
ce21242308
feat(i18n): LocaleController switcher with open-redirect protection (closes #73)
...
- App\Controllers\LocaleController: GET /locale?set=xx&return=/path
- Sets 1-year cookie (HttpOnly=false for SSR, SameSite=Lax, Secure on HTTPS)
- 302 redirect to explicit return URL > Referer > /
- Pure buildResponse() helper for unit tests (no headers/exit)
- current() helper: resolves locale from $_GET/$_COOKIE/Accept-Language
- safeRedirect: rejects absolute URLs, protocol-relative (//evil.com),
backslash tricks (\\evil.com), javascript:/data: schemes
- 28 PHPUnit tests (LocaleControllerTest), all green
- Total project tests now: 92
2026-06-04 08:57:33 +00:00
Hermes
63c8c759d2
feat(i18n): core Locale resolver + I18n t()-helper with tests (closes #72)
...
- App\Core\Locale: query-param > cookie > Accept-Language > 'de' fallback
- BCP-47 region stripping (en-US -> en, uk-UA -> uk)
- q-value sorting with stable order
- og:locale mapping (de_DE, en_GB, uk_UA, ru_RU)
- hreflang alternates helper
- App\Core\I18n: t() with {placeholder} interpolation, lookup chain
current-locale -> de -> key, in-memory cache
- ADR-002: documents the architecture decision
- 46 PHPUnit tests (LocaleTest, I18nTest), all green
2026-06-04 08:53:58 +00:00
45368bb607
fix: replace jQuery with vanilla JS scrollIntoView
Lint / PHP Syntax Check (push) Has been cancelled
Lint / CSS Lint (stylelint) (push) Has been cancelled
Lint / HTML Lint (htmlhint) (push) Has been cancelled
2026-06-02 23:50:56 +02:00
1a72210608
Merge pull request 'feat: PHPUnit test infrastructure and Router tests' (#64) from feature/phpunit-tests into main
Lint / PHP Syntax Check (push) Successful in 33s
Lint / CSS Lint (stylelint) (push) Successful in 1m12s
Lint / HTML Lint (htmlhint) (push) Successful in 1m9s
2026-05-22 21:33:32 +02:00
greggy
57b97b5069
feat: add PHPUnit test infrastructure and Router tests
...
Deploy Feature Branch to Test / deploy (push) Successful in 28s
Lint / PHP Syntax Check (push) Successful in 36s
Lint / CSS Lint (stylelint) (push) Successful in 1m18s
Lint / HTML Lint (htmlhint) (push) Successful in 1m11s
Lint / PHP Syntax Check (pull_request) Successful in 37s
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m20s
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m13s
- Add composer.json with PHPUnit 11 and PSR-4 autoloading
- Add phpunit.xml configuration
- Rename app/core/ → app/Core/ and app/controllers/ → app/Controllers/ (PSR-4)
- Add 18 unit tests for App\Core\Router (31 assertions)
- addRoute(): default action, custom action, overwrite
- dispatch(): URL normalization, direct match, legacy redirects
- dispatch(): 404 handling, controller/action not found exceptions
- TestableRouter subclass to intercept side-effects
- Update .gitignore (vendor/, .phpunit.cache/)
2026-05-22 19:02:02 +00:00
e896831b36
fix(#62): correct PLZ from 98533 to 98553 in lage section
...
Deploy Feature Branch to Test / deploy (push) Successful in 25s
Lint / PHP Syntax Check (push) Successful in 32s
Lint / CSS Lint (stylelint) (push) Successful in 1m17s
Lint / HTML Lint (htmlhint) (push) Successful in 1m7s
Lint / PHP Syntax Check (pull_request) Successful in 32s
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m14s
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m7s
The PLZ was incorrect in the Lage-Section view (98533 instead of 98553).
HomeController and meta description already used the correct 98553.
Closes #62
2026-05-22 14:23:07 +00:00
9b92136048
Merge pull request 'Fix #42: CSRF protection for contact form' (#50) from feature/issue-42-csrf-protection into main
...
Lint / PHP Syntax Check (push) Successful in 32s
Lint / HTML Lint (htmlhint) (push) Has been cancelled
Lint / CSS Lint (stylelint) (push) Has been cancelled
Reviewed-on: #50
2026-05-22 08:33:41 +02:00
d44fb337e2
fix(security): replace REQUEST_URI with fixed path in redirects (#43)
...
Deploy Feature Branch to Test / deploy (push) Successful in 24s
Lint / PHP Syntax Check (push) Successful in 33s
Lint / CSS Lint (stylelint) (push) Successful in 1m14s
Lint / HTML Lint (htmlhint) (push) Successful in 1m8s
Lint / PHP Syntax Check (pull_request) Successful in 32s
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m12s
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m8s
- Replace all 3 occurrences of $_SERVER['REQUEST_URI'] with '/'
- Prevents potential open redirect via client-controlled REQUEST_URI
- Safe since contact form only exists on homepage
Fix #43
2026-05-21 23:06:19 +00:00
a919a392cc
fix(security): add CSRF protection to contact form (#42)
...
Deploy Feature Branch to Test / deploy (push) Successful in 25s
Lint / PHP Syntax Check (push) Successful in 32s
Lint / CSS Lint (stylelint) (push) Successful in 1m13s
Lint / HTML Lint (htmlhint) (push) Successful in 1m9s
Lint / PHP Syntax Check (pull_request) Successful in 32s
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m16s
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m7s
- Generate CSRF token (32 bytes) on GET requests
- Add hidden csrf_token field to contact form
- Validate token with hash_equals() (timing-safe) on POST
- Reject invalid/missing tokens with user-friendly error
Fix #42
2026-05-21 23:05:51 +00:00
1aedcaf314
refactor: switch to mini-MVC architecture (Issue #46)
...
Deploy Feature Branch to Test / deploy (push) Successful in 24s
- Front controller pattern with public/index.php as the entry point
- Custom routing (App\Core\Router) without an external framework
- Controllers: HomeController, ImpressumController, DatenschutzController
- Views with a shared layout (app/views/layouts/main.php)
- PSR-4 autoloading
- Static assets moved to public/
- Old files (index.php, impressum.html, datenschutz.html) deleted
- 301 redirects for old URLs
- PHP 8.5 compatible
- Apache DocumentRoot set to public/
2026-05-19 14:38:38 +00:00