Fix security vulnerabilities, remove dead code, and improve code quality

- Fix path traversal with realpath() validation in getPage() and executePhpFile()
- Remove insecure JWT secret fallback, require JWT_SECRET env var
- Fix IP spoofing by only trusting proxy headers from configured proxies
- Add Secure/HttpOnly/SameSite flags to all cookies
- Use env var for debug mode instead of hardcoded true
- Fix operator precedence bug in MQTTTracker track_user_flows check
- Remove dead code: duplicate is_dir() block, unused scanForPageNames()
- Remove htmlspecialchars() from filesystem path operations
- Remove duplicate require_once calls and redundant autoloader includes
- Fix unclosed </div> in getDirectoryListing()
- Escape breadcrumb titles and add lang param to search result URLs
- Make language prefixes dynamic from config instead of hardcoded nl|en
- Make HTML lang attribute dynamic, add go_to translation key
- Add aria-label/aria-expanded to sidebar toggle for accessibility
- Fix event listener leak in app.js using event delegation
- Remove console.log from production code
- Update guides (NL/EN) with sidebar toggle documentation
- Add TODO.md documenting all identified improvements
2026-02-16 15:05:27 +01:00
parent e3a3cc5b6d
commit 60276cdccd
11 changed files with 190 additions and 152 deletions


@@ -12,8 +12,9 @@ CodePress is a lightweight, file-based Content Management System built with PHP
- Home button with icon
- Automatic menu generation
- Responsive design
- Breadcrumb navigation
- Breadcrumb navigation with sidebar toggle
- Active state marking
- **Sidebar toggle** - Button placed left of HOME in the breadcrumb to open/close the sidebar. The icon changes between open and closed state. The choice is preserved during the session
### 📄 Content Types
- **Markdown (.md)** - CommonMark support
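Review bot: the sidebar toggle is now described twice in the same feature list, once in the changed `- Breadcrumb navigation with sidebar toggle` bullet and again in the new `- **Sidebar toggle**` bullet two lines below it; keep one of them (the dedicated bullet carries the detail) so the two do not drift apart in later edits. The new bullet also says "The choice is preserved during the session" without saying where that state lives, so a reader cannot tell whether the setting survives a page reload; one clause naming the storage used would settle it.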
@@ -47,7 +48,7 @@ CodePress is a lightweight, file-based Content Management System built with PHP
- Mustache templates
- Semantic HTML5 structure
- **Dynamic layouts** with YAML frontmatter
- **Sidebar support** with plugin integration
- **Sidebar support** with plugin integration and toggle function via breadcrumb
## Installation
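Review bot: the `## Installation` section that follows this hunk is untouched, although the commit message states that the insecure JWT secret fallback was removed and `JWT_SECRET` is now a required environment variable, that debug mode is read from an environment variable, and that proxy headers are only trusted from configured proxies. Each of those is a deployment-affecting change: a fresh install without `JWT_SECRET` will fail to start, and an operator who does not know about the trusted-proxy setting will see every request attributed to the proxy address. Add the required variable, the debug variable's name and default, and the trusted-proxy configuration to Installation in this same commit rather than only to TODO.md.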


@@ -12,8 +12,9 @@ CodePress CMS is een lichtgewicht, file-based content management systeem gebouwd
- Home knop met icoon
- Automatische menu generatie
- Responsive design
- Breadcrumb navigatie
- Breadcrumb navigatie met sidebar toggle
- Active state marking
- **Sidebar toggle** - Knop links van HOME in de breadcrumb om de sidebar te openen/sluiten. Het icoon wisselt tussen open en gesloten status. De keuze blijft behouden tijdens de sessie
### 📄 Content Types
- **Markdown (.md)** - CommonMark ondersteuning
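Review bot: same duplication as in the English README: the changed `- Breadcrumb navigatie met sidebar toggle` bullet and the new `- **Sidebar toggle**` bullet describe the same feature in one list, so keep only the dedicated bullet. Please also state in that bullet how "De keuze blijft behouden tijdens de sessie" is implemented (where the state is stored), and keep the wording aligned with the English version so the two guides do not diverge.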
@@ -47,7 +48,7 @@ CodePress CMS is een lichtgewicht, file-based content management systeem gebouwd
- Mustache templates
- Semantic HTML5 structuur
- **Dynamic layouts** met YAML frontmatter
- **Sidebar support** met plugin integratie
- **Sidebar support** met plugin integratie en toggle functie via breadcrumb
## Installatie
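Review bot: as with the English README, the `## Installatie` section after this hunk does not mention the newly required `JWT_SECRET` environment variable, the debug-mode environment variable, or the trusted-proxy configuration that this commit introduces per its message. Document them here too, in the same terms as the English Installation section, so a Dutch-language deployer gets the same breaking-change notice.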